Which statement describes the 'reverse_tcp' payload in Windows Singles?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which statement describes the 'reverse_tcp' payload in Windows Singles?

Explanation:
When a payload uses reverse_tcp, the compromised Windows host initiates a TCP connection back to the attacker’s machine, establishing a control session over that outbound link. This design is often chosen to traverse firewalls or NATs that allow outbound connections but block inbound ones. The attacker runs a listener and waits for the incoming connection; once the target connects, the session is established through that channel, giving the attacker a shell or meterpreter session. This differs from a bind-shell approach, where the payload binds a port on the target and the attacker must connect to that port to gain access. The other options describe unrelated behaviors (opening a UDP tunnel or starting a web server) and don’t match how reverse_tcp operates.

When a payload uses reverse_tcp, the compromised Windows host initiates a TCP connection back to the attacker’s machine, establishing a control session over that outbound link. This design is often chosen to traverse firewalls or NATs that allow outbound connections but block inbound ones. The attacker runs a listener and waits for the incoming connection; once the target connects, the session is established through that channel, giving the attacker a shell or meterpreter session.

This differs from a bind-shell approach, where the payload binds a port on the target and the attacker must connect to that port to gain access. The other options describe unrelated behaviors (opening a UDP tunnel or starting a web server) and don’t match how reverse_tcp operates.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy