An operator has gained a limited shell on a target and notices an open service often used for remote file exchanges. The operator wants to place a malicious script on the target. Which option best accomplishes this goal?
Launch a web-based plugin for direct file uploads
Create new credentials on the identified service and upload the script
Use a specialized memory analysis tool to interpret running processes
Invoke a remote listener that fetches the script from the attacker’s system
Creating new credentials with write permissions on the discovered file transfer service enables direct uploads of malicious files. A remote listener or a web-based method disregards the known service. A memory analysis tool does not move files to the target.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a shell in the context of penetration testing?
Open an interactive chat with Bash
What are common file transfer services that could be exploited in this scenario?
Open an interactive chat with Bash
Why is creating new credentials more effective than using a remote listener or web-based uploads?