CompTIA PenTest+ (PT0-003) — Question 75
A penetration tester finds an unauthenticated RCE vulnerability on a web server and wants to use it to enumerate other servers on the local network. The web server is behind a firewall that allows only incoming connections to TCP ports 443 and 53 and unrestricted outbound TCP connections. The target web server is https://target.comptia.org. Which of the following should the tester use to perform the task with the fewest web requests?
Answer options
- A. nc -e /bin/sh -lp 53
- B. /bin/sh -c 'nc -l -p 443'
- C. nc -e /bin/sh53
- D. /bin/sh -c 'nc443'
Correct answer: A
Explanation
The correct answer is A. The tester already has remote code execution, so a single web request that runs 'nc -e /bin/sh -lp 53' starts a listener on TCP port 53 that hands every incoming connection to /bin/sh. Port 53 is one of the two ports the firewall allows inbound and it is not in use by the web server, so after that one request the tester connects directly to target.comptia.org:53 and enumerates the internal network over that socket, with no further web requests. Option B tries to listen on port 443, which the HTTPS service already occupies, so the listener cannot bind; it also lacks '-e', so even a listener that did start would not hand the connection to a shell. Options C and D are incorrectly formatted and would not function as intended. One practical caveat: the '-e' option exists only in the traditional and GNU-style netcat builds, not in the OpenBSD nc that ships with many distributions, so the tester should confirm which netcat is installed before relying on it.