CompTIA PenTest+ (PT0-002) — Question 77

A penetration tester exploited a vulnerability on a server and remotely ran a payload to gain a shell. However, a connection was not established, and no errors were shown on the payload execution. The penetration tester suspected that a network device, like an IPS or next-generation firewall, was dropping the connection. Which of the following payloads are MOST likely to establish a shell successfully?

Answer options

• A. windows/x64/meterpreter/reverse_tcp
• B. windows/x64/meterpreter/reverse_http
• C. windows/x64/shell_reverse_tcp
• D. windows/x64/powershell_reverse_tcp
• E. windows/x64/meterpreter/reverse_https

Correct answer: E

Explanation

The correct answer is E because the 'reverse_https' payload uses HTTPS for communication, which is less likely to be blocked by firewalls or IPS devices that may filter out non-encrypted traffic. The other options, while functional, may be more easily detected and blocked due to their use of plain TCP or HTTP traffic.