CompTIA PenTest+ (PT0-001) — Question 162

A penetration tester has discovered through automated scanning that a Tomcat server allows for the use of default credentials. Using default credentials, the tester is able to upload WAR files to the server. Which of the following is the MOST likely post-exploitation step?

Answer options

• A. Upload a customized /etc/shadow file.
• B. Monitor network traffic
• C. Connect via SSH using default credentials.
• D. Install web shell on the server.

Correct answer: D

Explanation

The correct answer is D because installing a web shell allows the tester to maintain access and control over the compromised server. Options A and C do not directly relate to maintaining access, while B is more about surveillance than exploitation.