
Post-exploitation and pivoting in Cybersecurity - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
Understanding Post-exploitation Goals

After successfully exploiting a system, what is the primary goal of post-exploitation activities?

A. To maintain access and gather further information from the compromised system
B. To immediately delete all logs and evidence of the attack
C. To scan the internet for new vulnerable targets
D. To install antivirus software to protect the system
💡 Hint

Think about what an attacker wants to do after gaining control of a system.

📋 Factual
intermediate
Pivoting Techniques in Cybersecurity

Which of the following best describes the concept of pivoting in a cyberattack?

A. Using a compromised system to attack other systems within the same network
B. Directly attacking a system from the internet without any intermediate steps
C. Installing malware on a user's personal device only
D. Encrypting data to prevent unauthorized access
💡 Hint

Pivoting involves moving from one system to another inside a network.

🔍 Analysis
advanced
Analyzing a Post-exploitation Scenario

An attacker has gained access to a server inside a corporate network. They want to move laterally to a database server that is not accessible from outside. Which method would best allow this pivot?

A. Scan the internet for the database server's IP address and attack directly
B. Set up a SOCKS proxy on the compromised server and route traffic through it
C. Send phishing emails to employees to get credentials
D. Install antivirus software on the compromised server
💡 Hint

Think about how attackers use compromised machines to reach internal resources.

Comparison
advanced
Comparing Pivoting Methods

Which of the following statements correctly compares VPN pivoting and port forwarding pivoting?

A. Neither method allows access to internal network resources
B. Port forwarding creates a full network tunnel, while VPN pivoting redirects specific ports
C. VPN pivoting creates a full network tunnel, while port forwarding only redirects specific ports
D. Both methods only redirect specific ports without creating a network tunnel
💡 Hint

Consider the scope of access each method provides.

Reasoning
expert
Identifying the Outcome of a Pivoting Setup

An attacker sets up SSH local port forwarding from their machine to a remote internal web server through a compromised jump host. What is the expected result of this setup?

A. The attacker can access all internal network services without restrictions
B. The attacker can only access the jump host but not the internal web server
C. The attacker loses access to the jump host after setting up port forwarding
D. The attacker can access the internal web server by connecting to a local port on their machine
💡 Hint

Think about what local port forwarding does in SSH.

Practice

1. What is the main purpose of post-exploitation in cybersecurity?
easy
A. To prevent unauthorized access to a network
B. To install antivirus software
C. To perform actions after gaining access to a system
D. To encrypt data before sending

Solution

  1. Step 1: Understand post-exploitation context

    Post-exploitation refers to activities done after an attacker has gained access to a system.
  2. Step 2: Identify main goal

    The main goal is to explore, gather information, and maintain control over the compromised system.
  3. Final Answer:

    To perform actions after gaining access to a system -> Option C
  4. Quick Check:

    Post-exploitation = actions after access [OK]
Hint: Post-exploitation happens after breaking in [OK]
Common Mistakes:
  • Confusing post-exploitation with prevention
  • Thinking it means installing security tools
  • Mixing it with data encryption
2. Which of the following commands is commonly used to create a pivot in a compromised network?
easy
A. ssh -L 8080:target:80 user@compromised
B. netstat -an
C. ping 192.168.1.1
D. tracert google.com

Solution

  1. Step 1: Identify pivoting command

    Pivoting often uses SSH tunneling to forward ports from a compromised system to reach other targets.
  2. Step 2: Analyze options

    ssh -L 8080:target:80 user@compromised uses SSH local port forwarding, which is a common pivot technique.
  3. Final Answer:

    ssh -L 8080:target:80 user@compromised -> Option A
  4. Quick Check:

    SSH tunneling = pivoting method [OK]
Hint: Pivoting uses SSH tunnels like ssh -L [OK]
Common Mistakes:
  • Choosing ping or tracert, which are just network tests
  • Confusing netstat with pivoting
  • Not recognizing SSH port forwarding syntax
3. After compromising a machine inside a network, which command sequence best demonstrates pivoting to access another internal host on port 3389?
medium
A. ssh -D 3389 user@compromised
B. ssh -L 3389:192.168.10.5:3389 user@compromised
C. ssh -R 3389:192.168.10.5:3389 user@compromised
D. ssh user@192.168.10.5 -p 3389

Solution

  1. Step 1: Understand SSH port forwarding types

    Local forwarding (-L) forwards a local port to a remote host:port, enabling pivoting.
  2. Step 2: Match command to pivoting goal

    ssh -L 3389:192.168.10.5:3389 user@compromised forwards local port 3389 to port 3389 on internal host 192.168.10.5 via the compromised machine, enabling access.
  3. Final Answer:

    ssh -L 3389:192.168.10.5:3389 user@compromised -> Option B
  4. Quick Check:

    Local port forwarding = pivoting access [OK]
Hint: Use ssh -L for local port forwarding pivot [OK]
Common Mistakes:
  • Confusing -L (local) with -R (remote) forwarding
  • Using -D, which is a dynamic SOCKS proxy, not a direct pivot
  • Trying direct ssh to internal host without pivot
4. You tried to pivot using ssh -R 9000:10.0.0.5:80 user@compromised but cannot access the service on port 9000 locally. What is the most likely issue?
medium
A. You need to use -L instead of -R for local access
B. The target IP 10.0.0.5 is unreachable from compromised machine
C. Port 9000 is blocked by firewall on compromised machine
D. The remote port forwarding (-R) does not expose ports on the local machine

Solution

  1. Step 1: Understand difference between -L and -R

    -L forwards a local port to a remote host; -R forwards a remote port to a local host.
  2. Step 2: Identify access goal

    If you want to access the service locally on port 9000, you need local forwarding (-L), not remote (-R).
  3. Final Answer:

    You need to use -L instead of -R for local access -> Option A
  4. Quick Check:

    Local access requires -L, not -R [OK]
Hint: Use -L for local, -R for remote port forwarding [OK]
Common Mistakes:
  • Mixing up -L and -R options
  • Assuming remote forwarding exposes local ports
  • Ignoring firewall or network reachability
5. During a penetration test, you have compromised a Linux server inside a network. You want to access a Windows machine on the internal network that only allows RDP on port 3389. Which sequence of actions best achieves pivoting to the Windows machine?
hard
A. Install antivirus on Linux server to monitor Windows traffic
B. Run a port scan from your machine directly on Windows IP to find open ports
C. Use remote desktop client to connect directly to Windows IP from your machine
D. Set up SSH local port forwarding from your machine to Windows RDP port via compromised Linux server

Solution

  1. Step 1: Recognize network restrictions

    Direct access to the Windows machine is blocked; it is only accessible via the compromised Linux server inside the network.
  2. Step 2: Use SSH local port forwarding

    Set up an SSH tunnel from your local machine that forwards a local port to the Windows machine's RDP port through the Linux server.
  3. Step 3: Connect via forwarded port

    Use an RDP client to connect to the local forwarded port, effectively pivoting through the Linux server.
  4. Final Answer:

    Set up SSH local port forwarding from your machine to Windows RDP port via compromised Linux server -> Option D
  5. Quick Check:

    Pivoting = SSH tunnel + local port forwarding [OK]
Hint: Pivot by tunneling RDP through compromised Linux server [OK]
Common Mistakes:
  • Trying direct connection ignoring network restrictions
  • Confusing port scanning with pivoting
  • Installing unrelated software like antivirus