Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?
A . Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.
B . Perform ASIC password cracking on the host.
C . Read the /etc/passwd file to extract the usernames.
D . Initiate unquoted service path exploits.
E . Use the UNION operator to extract the database schema.

View Answer

Answer: A

Explanation:

Reference: https://docs.rapid7.com/insightvm/elevating-permissions/

Spawning a shell using sudo and an escape string is a valid Linux post-exploitation method that can exploit a misconfigured sudoers file and allow a standard user to execute commands as root. ASIC password cracking is used to break hashed passwords, not to elevate privileges. Reading the /etc/passwd file may reveal usernames, but not passwords or privileges. Unquoted service path exploits are applicable to Windows systems, not Linux. Using the UNION operator is a SQL injection technique, not a Linux post-exploitation method.

Verified Reference:

https://www.comptia.org/blog/what-is-post-exploitation

https://partners.comptia.org/docs/default-source/resources/casp-content-guide