Free Top CompTIA Pentest+ PT0-003 Actual Exam Questions - Question 9 Discussion
A penetration tester is ready to add shellcode for a specific remote executable exploit. The tester is trying to prevent the payload from being blocked by antimalware that is running on the target.
Which of the following commands should the tester use to obtain shell access?
D is clearly off since it’s not generating a valid shellcode payload at all. Between A, B, and C, what stands out is encoding for AV evasion. B uses Meterpreter reverse shell, which is powerful but doesn’t mention encoders. C’s just a reverse shell without encoding. So A fits the question best since shikata_ga_nai is designed to obfuscate payloads to bypass antimalware detection, making it the better choice for that specific need.
Good point about the encoder in option A—it’s built specifically for evading AV detection by obfuscating the payload. B and C are solid reverse shells but don’t mention encoding or obfuscation, which is key when antimalware is involved. D is definitely off-topic anyway. So I’d say A fits best since it combines the right architecture, platform, and a well-known encoder designed for stealth against antimalware.
A, the encoder helps hide the payload better from AV scanners.
I’m thinking B makes the most sense here. Using a reverse_tcp Meterpreter payload usually helps with stealth since it initiates the connection from the target out, which can bypass network filters better than a bind shell. Plus, Meterpreter has built-in features that help with evasion beyond just encoding. The question focuses on avoiding antimalware, and Meterpreter's staged payloads often include some level of obfuscation and dynamic behavior that can slip past AV more effectively than a simple bind shell. So B seems like the better choice overall for shell access with AV evasion in mind.
A seems better for AV evasion since it uses the shikata_ga_nai encoder, which can help obfuscate the payload more than plain reverse shells in B or C. D is obviously irrelevant here.
I get why A’s encoder looks useful, but shikata_ga_nai is pretty well-known and might not fool updated AV. B’s meterpreter reverse_tcp offers more stealth overall. Does using bind_tcp in A really help avoid AV?
A, imo. The key part is using an encoder to try and dodge antivirus detection, which only option A has with shikata_ga_nai. Reverse shells in B and C are good for bypassing firewalls but don’t specifically help with AV evasion. Option D is clearly useless here since it’s not even a valid msfvenom command or payload. So if the aim is to prevent AV from blocking the shellcode, A’s encoder is the best bet even though it uses bind_tcp instead of reverse_tcp.
Option C stands out because it uses a reverse shell payload, which generally helps bypass firewalls since the target connects back to the attacker. Also, EXITFUNC=none might prevent the process from crashing and revealing the exploit.
Maybe B makes the most sense here. Reverse_tcp payloads usually avoid firewall blocks better since the target initiates the connection, and B is specifically using meterpreter, which tends to be more flexible and stealthy than a basic shell like in C. Also, B doesn’t mention an encoder, but sometimes using less obvious payloads helps avoid detection more than standard encoders like shikata_ga_nai. D is definitely out since it’s not even a proper payload command, and A’s bind_tcp is usually easier to detect and block by antimalware or firewalls.
C/B? Not sure if the shikata_ga_nai encoder in A really helps against modern antimalware. D looks off since it’s not msfvenom-based. Wondering if reverse_tcp or bind_tcp is better here?