CompTIA PenTest+ (PT0-003) — Question 9
A penetration tester established an initial compromise on a host. The tester wants to pivot to other targets and set up an appropriate relay. The tester needs to enumerate through the compromised host as a relay from the tester's machine. Which of the following commands should the tester use to do this task from the tester's host?
Answer options
- A. attacker_host$ nmap -sT <target_cidr> | nc -n <compromised_host> 22
- B. attacker_host$ mknod backpipe p attacker_host$ nc -l -p 8000 | 0 <backpipe | nc <target_cidr> 80 | tee backpipe
- C. attacker_host$ nc -nlp 8000 | nc -n <target_cidr> attacker_host$ nmap -sT 127.0.0.1 8000
- D. attacker_host$ proxychains nmap -sT <target_cidr>
Correct answer: D
Explanation
The correct answer is D. proxychains wraps the nmap process so that every TCP connection it opens is relayed through a proxy running on the compromised host (typically a SOCKS proxy such as an SSH dynamic port forward), which lets the tester scan the target range from the attacker's machine while the compromised host acts as the relay. The TCP connect scan (-sT) is the scan type that works here, because proxychains can only relay complete TCP connections; it cannot carry the raw packets used by SYN or UDP scans, so those would not traverse the pivot. The other options either do not route the scan through the compromised host at all or chain nc and nmap in sequences that would not produce the intended enumeration.