CompTIA PenTest+ (PT0-003) — Question 126
A penetration tester gains access to a chrooted environment and runs service --status-all on a target host. The tester reviews the following output:
[ + ] cron
[ + ] dhcp
[ - ] tomcat
[ - ] xserver
[ + ] ssh
The only other commands that the tester can execute are ps, nc, tcpdump, and crontab. Which of the following is the best method to maintain persistence?
Answer options
- A. Validate write access to crontab and add a reverse shell.
- B. Capture credentials to use with tcpdump.
- C. Scan the X11 server from the outside for unauthenticated connectivity.
- D. Check access to the tomcat default manager page and use an LFI payload.
Correct answer: A
Explanation
The best method to maintain persistence in this scenario is to validate write access to crontab and add a reverse shell. The output shows cron running ([ + ]) and crontab is one of the few commands available, so a cron job can run a script at scheduled intervals and ensure continued access. Capturing credentials with tcpdump may not guarantee persistence. Scanning the X11 server or checking the tomcat manager page may not be feasible, because both services are listed as stopped ([ - ]) and the tester's command options are limited.