Exploitation Basics
High-level exploitation concepts expected for junior roles (safe and interview-friendly).
JPT-41
What is a reverse shell?
Answer: A reverse shell is when the target system connects back to the tester’s listener and provides command access. It’s common because outbound connections are often easier than inbound through firewalls. In professional work it must be authorized and controlled.
Tip: Explain in one line: “target calls back to you.”
JPT-42
What is a bind shell?
Answer: A bind shell opens a listening port on the target that the tester connects to. It can be blocked by firewalls or network rules more easily than reverse shells. Understanding both helps explain common lab techniques.
Tip: Bind = target listens; Reverse = target connects out.
JPT-43
What is a proof of concept (PoC) in pentesting?
Answer: A PoC is a safe demonstration that a vulnerability is real and exploitable. It shows impact without causing unnecessary damage. Good PoCs are minimal, repeatable, and clearly documented.
Tip: Say: “prove it works—don’t break production.”
JPT-44
What is privilege escalation in a web context?
Answer: It’s gaining higher access than intended, like becoming admin. It can happen through broken access control, missing role checks, or insecure endpoints. The key is showing unauthorized actions are possible.
Tip: Mention “server-side role checks.”
JPT-45
What is password hashing and why does it matter?
Answer: Hashing stores passwords in one-way form instead of plaintext. Strong, slow hashing (bcrypt/Argon2) and per-password salting make cracking harder. Storing plaintext passwords is a critical security issue.
Tip: Mention “salt + slow hashing.”
JPT-46
What is credential stuffing?
Answer: Credential stuffing uses leaked username/password pairs from other breaches to attempt logins. It works because many users reuse passwords across sites. Defenses include MFA, rate limits, and bot detection.
Tip: Say “reused passwords + automation.”
JPT-47
What is lateral movement (high level)?
Answer: Lateral movement is moving from one compromised account or system to others to expand access. In internal testing, it shows how one compromise can spread. Segmentation and least privilege reduce lateral movement.
Tip: Mention least privilege + segmentation.
JPT-48
What is an exploit chain?
Answer: An exploit chain is using multiple weaknesses together to reach a bigger impact. For example, an information leak plus IDOR might lead to full account takeover. A good pentest explains the chain clearly.
Tip: Small issues can combine into a critical outcome.
JPT-49
What is RCE (Remote Code Execution)?
Answer: RCE means an attacker can execute commands or code on a remote server. It is usually critical because it can lead to full compromise and data loss. Pentesters validate carefully and avoid destructive actions.
Tip: Emphasize controlled validation + evidence.
JPT-50
What is a web shell (high level)?
Answer: A web shell is a script placed on a server that allows remote command execution through a web interface. It’s often associated with file upload issues or server compromise. In interviews, keep it high-level and focus on risk.
Tip: Keep it simple: “remote control via a web script.”