A penetration tester is assessing a network and identifies a multihomed host configured as a web server. The tester plans to exploit a vulnerability in the web server to gain access to the internal network. Which of the following actions should the tester take to effectively utilize the multihomed host for network penetration?

Pivoting through a multihomed host is the key idea. When a server sits on two networks—one exposed to the internet and another connected to the internal network—the attacker can use a foothold gained on that host to reach internal systems that aren’t directly reachable from the outside. Exploiting the web server vulnerability on that host lets the tester establish a presence on the internal-facing side and move further into the network from there, demonstrating how an otherwise isolated internal segment can be accessed via a compromised boundary asset. Patching the web server from the internet wouldn’t help the attacker reach internal hosts, disabling the server would prevent the test, and moving laterally with another host wouldn’t leverage the bridge provided by the multihomed setup.