A penetration tester assesses an application allow list and has limited command-line access on the Windows system. Which of the following would give the penetration tester information that could aid in continuing the test?
Correct Answer:
C
When a penetration tester has limited command-line access on a Windows system, the choice of tool is critical for gathering information to aid in furthering the test. Here??s an explanation for each option:
✑ mmc.exe (Microsoft Management Console):
✑ icacls.exe:
✑ nltest.exe:
✑ rundll.exe:
Conclusion: nltest.exe is the best choice among the given options as it provides valuable information about the network, domain controllers, and trust relationships. This information is crucial for a penetration tester to plan further actions and understand the domain environment.
=================
During a security assessment for an internal corporate network, a penetration tester wants to gain unauthorized access to internal resources by executing an attack that uses software to disguise itself as legitimate software. Which of the following host-based attacks should the tester use?
Correct Answer:
C
A rootkit is a type of malicious software designed to provide an attacker with unauthorized access to a computer system while concealing its presence. Rootkits achieve this by modifying the host??s operating system or other software to hide their existence, allowing the attacker to maintain control over the system without detection.
✑ Definition and Purpose:
✑ Mechanisms of Action:
✑ Detection and Prevention:
✑ Real-World Examples:
✑ References from Pentesting Literature: Step-by-Step ExplanationReferences:
✑ Penetration Testing - A Hands-on Introduction to Hacking
✑ HTB Official Writeups on sophisticated attacks
=================
A penetration tester needs to collect information over the network for further steps in an internal assessment. Which of the following would most likely accomplish this goal?
Correct Answer:
C
To collect information over the network, especially during an internal assessment, tools that can capture and analyze network traffic are essential. Responder is specifically designed for this purpose, and it can capture NTLM hashes and other credentials by poisoning various network protocols. Here??s a breakdown of the options:
✑ Option A: ntlmrelayx.py -t 192.168.1.0/24 -1 1234
✑ Option B: nc -tulpn 1234 192.168.1.2
✑ Option C: responder.py -I eth0 -wP
✑ Option D: crackmapexec smb 192.168.1.0/24
References from Pentest:
✑ Anubis HTB: Highlights the use of Responder to capture network credentials and hashes during internal assessments.
✑ Horizontall HTB: Demonstrates the effectiveness of Responder in capturing and analyzing network traffic for further exploitation.
=================
A penetration tester is compiling the final report for a recently completed engagement. A junior QA team member wants to know where they can find details on the impact, overall security findings, and high-level statements. Which of the following sections of the report would most likely contain this information?
Correct Answer:
C
In the final report for a penetration test engagement, the section that most likely contains details on the impact, overall security findings, and high-level statements is the executive summary. Here??s why:
✑ Purpose of the Executive Summary:
✑ Contents of the Executive Summary:
✑ Comparison to Other Sections:
=================
