Exam PT0-002 topic 1 question 243 discussion

This is C

C. Add a new user with ID 0 to the /etc/passwd file. Explanation: Adding a new user with ID 0 to the /etc/passwd file: • This method involves adding a new user with root privileges by modifying the /etc/passwd file. By giving this new user an ID of 0, the same as the root user, the penetration tester can create a backdoor user account that has root-level access without changing any existing user credentials or disrupting the legitimate user’s activities. This approach provides a stealthy and persistent way to maintain root access.

Adding a new user with UID 0 to the /etc/passwd file gives the penetration tester root-level access without altering the existing root account's password or behavior. This method ensures persistent access for the tester while allowing the legitimate root user to continue their work uninterrupted. It's a stealthy approach that maintains the penetration tester's access without directly impacting other users.

for sure

C is correct as it establishes a persistent way to access the system.

Hard question, but I am leaning towards B.

C the best option

C is the best

The BEST option for the penetration tester to maintain root-level persistence on this server during the test without disrupting the work of the other user is to add a new user with ID 0 to the /etc/passwd file. By doing so, the penetration tester will have a persistent user account with root-level privileges that can be used to maintain access to the system, without changing the credentials of the original root user. This approach will allow the other user to continue working on the system without interruption, and the penetration tester can continue with the test as required. The other options listed would either not provide persistent access or could disrupt the work of the other user.

B, upgrading the reverse shell to a true TTY terminal, is the best choice from the available options. This option will allow the penetration tester to interact with the system in a more user-friendly way, without disrupting the work of the other user. Upgrading the reverse shell to a TTY terminal will create a new session that can be used independently of the user currently logged in as root. This option is less likely to be detected by system administrators, and does not involve making any permanent changes to the system.

C is correct

C is the answer The best option for the penetration tester to maintain root-level persistence on this server during the test is to add a new user with ID 0 to the /etc/passwd file. This will allow the penetration tester to use the same user account as the other user, but with root privileges, meaning that it won’t disrupt the other user’s work. This can be done by adding a new line with the username and the numerical user ID 0 to the /etc/passwd file. For example, if the username for the other user is “johndoe”, the line to add would be “johndoe:x:0:0:John Doe:/root:/bin/bash”. After the user is added, the penetration tester can use the “su” command to switch to the new user and gain root privileges.

C is the answer ithink

A true TTY terminal is a type of terminal session that can be accessed over the network, allowing for remote access and complete control over a system. It enables users to make changes to the system, such as adding new users and modifying system files.

chat gpt says b

bbbbbbbb