A penetration tester has discovered through automated scanning that a Tomcat server allows for the use of default credentials. Using default credentials, the tester is able to upload WAR files to the server.
Which of the following is the MOST likely post-exploitation step?
A. Upload a customized /etc/shadow file.
B. Monitor network traffic
C. Connect via SSH using default credentials.
D. Install web shell on the server.