CompTIA PenTest+ (PT0-002) — Question 124

A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system After running a few commands, the tester runs the following:

python -c 'import pty; pty.spawn("/bin/bash")'

Which of the following actions Is the penetration tester performing?

Answer options

• A. Privilege escalation
• B. Upgrading the shell
• C. Writing a script for persistence
• D. Building a bind shell

Correct answer: B

Explanation

The correct answer is B, as the command is used to upgrade the shell to a fully interactive bash shell, allowing for better command execution and control. Options A, C, and D are incorrect because they describe different actions: privilege escalation involves gaining higher permissions, writing a script for persistence means creating a way to maintain access, and building a bind shell refers to a different method of remote access.