A penetration tester receives the following output when enumerating a local user:User compromised_user may run...

The correct answer is B. ssh compromised_user@victimhost " sudo -l "

The output shown in the question is produced by the sudo -l command, which lists the commands a user is allowed to run with elevated privileges.

The key finding is:

root (NO PASSWD): /bin/vim

This means compromised_user can run /bin/vim as root without entering a password. That is a local privilege escalation risk because vim can be abused to execute commands with elevated privileges when permitted through sudo.

To validate whether another host has the same weakness, the tester should enumerate that user’s sudo privileges on the other host:

ssh compromised_user@victimhost " sudo -l "

A is incorrect because running vim only confirms that the program can execute, not that it can be run as root through sudo.

C is incorrect because running bash -c vim only starts vim through Bash and does not validate sudo permissions.

D is incorrect because listing /bin/vim only confirms the file exists and shows file permissions. The vulnerability is the sudo misconfiguration, not the presence of the vim binary.