Free Top CompTIA Pentest+ PT0-003 Actual Exam Questions - Question 12 Discussion
[Attacks and Exploits] A previous penetration test report identified a host with vulnerabilities that was successfully exploited. Management has requested that an internal member of the security team reassess the host to determine if the vulnerability still exists. 
Part 1: . Analyze the output and select the command to exploit the vulnerable service. Part 2: . Analyze the output from each command. · Select the appropriate set of commands to escalate privileges. · Identify which remediation steps should be taken. 
For Part 1, the exploit targets the specific vulnerable version shown, so that fits. For Part 2, since the sudo output lists commands allowed without a password, those commands are your best bet for escalation—no need to try unrelated binaries.
Part 1’s command fits the service version; Part 2 should focus on sudo permissions shown.
Looks like Part 1’s exploit matches the vulnerable service version, so that’s the way to go.
For the exploit, using the command shown with the vulnerable service makes sense since it matches known CVEs. For privilege escalation, checking sudo rights or SUID binaries in the outputs could guide which commands to pick next.
Part 1 probably uses the exploit command shown in the first output. For escalation, check whoami and id outputs to
Part 1 is likely the command to trigger the exploit; Part 2 involves checking user rights to pick escalation commands.
This one’s tricky without the screenshots visible here. The questions seem to cover both exploitation and privilege escalation, plus remediation. The commands probably involve basic Linux tools but hard to say exactly which without seeing output.