CompTIA PenTest+ (PT0-002) — Question 163
A penetration tester opened a reverse shell on a Linux web server and successfully escalated privileges to root. During the engagement, the tester noticed that another user logged in frequently as root to perform work tasks. To avoid disrupting this user’s work, which of the following is the BEST option for the penetration tester to maintain root-level persistence on this server during the test?
Answer options
- A. Add a web shell to the root of the website.
- B. Upgrade the reverse shell to a true TTY terminal.
- C. Add a new user with ID 0 to the /etc/passwd file.
- D. Change the password of the root user and revert after the test.
Correct answer: C
Explanation
The correct answer is C: a new account with UID 0 in /etc/passwd carries root privileges under its own username and password, so the penetration tester keeps root access without interfering with the existing root user. Options A and B do not provide persistent access, while D would disrupt the other user's work by changing the credentials that user logs in with.