A penetration tester needs to launch an Nmap scan to find the state of the port for both TCP and UDP services. Which of the following commands should the tester use?
Correct Answer:
C
✑ Comparison with Other Options:
=================
A penetration tester has just started a new engagement. The tester is using a framework that breaks the life cycle into 14 components. Which of the following frameworks is the tester using?
Correct Answer:
B
The OSSTMM (Open Source Security Testing Methodology Manual) is a comprehensive framework for security testing that includes 14 components in its life cycle. Here??s why option B is correct:
✑ OSSTMM: This methodology breaks down the security testing process into 14
components, covering various aspects of security assessment, from planning to execution and reporting.
✑ OWASP MASVS: This is a framework for mobile application security verification
and does not have a 14-component life cycle.
✑ MITRE ATT&CK: This is a knowledge base of adversary tactics and techniques but does not describe a 14-component life cycle.
✑ CREST: This is a certification body for penetration testers and security professionals but does not provide a specific 14-component framework.
References from Pentest:
✑ Anubis HTB: Emphasizes the structured approach of OSSTMM in conducting comprehensive security assessments.
✑ Writeup HTB: Highlights the use of detailed methodologies like OSSTMM to cover all aspects of security testing.
Conclusion:
Option B, OSSTMM, is the framework that breaks the life cycle into 14 components, making it the correct answer.
=================
During an engagement, a penetration tester found some weaknesses that were common
across the customer??s entire environment. The weaknesses included the following:
✑ Weaker password settings than the company standard
✑ Systems without the company's endpoint security software installed
✑ Operating systems that were not updated by the patch management system
Which of the following recommendations should the penetration tester provide to address the root issue?
Correct Answer:
B
✑ Identified Weaknesses:
✑ Configuration Management System:
✑ Other Recommendations:
Pentest References:
✑ System Hardening: Ensuring all systems adhere to security baselines and configurations to reduce attack surfaces.
✑ Automation in Security: Using configuration management tools to automate security practices, ensuring compliance and reducing manual errors.
Implementing a configuration management system addresses the root issue by ensuring consistent security configurations, software deployments, and patch management across the entire environment.
=================
A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:
PORT STATE SERVICE
22/tcp open ssh 25/tcp filtered smtp 111/tcp open rpcbind 2049/tcp open nfs
Based on the output, which of the following services provides the best target for launching an attack?
Correct Answer:
D
Based on the Nmap scan results, the services identified on the target server are as follows:
✑ 22/tcp open ssh:
✑ 25/tcp filtered smtp:
✑ 111/tcp open rpcbind:
✑ 2049/tcp open nfs:
Conclusion: The NFS service (2049/tcp) provides the best target for launching an attack. File sharing services like NFS often contain sensitive data and can be vulnerable to misconfigurations that allow unauthorized access or privilege escalation.
During an assessment, a penetration tester manages to get RDP access via a low-privilege user. The tester attempts to escalate privileges by running the following commands:
Import-Module .PrintNightmare.ps1
Invoke-Nightmare -NewUser "hacker" -NewPassword "Password123!" -DriverName "Print"
The tester attempts to further enumerate the host with the new administrative privileges by using the runas command. However, the access level is still low. Which of the following actions should the penetration tester take next?
Correct Answer:
A
In the scenario where a penetration tester uses the PrintNightmare exploit to create a new user with administrative privileges but still experiences low-privilege access, the tester should log off and log on with the new "hacker" account to escalate privileges correctly.
✑ PrintNightmare Exploit:
✑ Commands Breakdown:
✑ Issue:
✑ Solution:
Pentest References:
✑ Privilege Escalation: After gaining initial access, escalating privileges is crucial to gain full control over the target system.
✑ Session Management: Understanding how user sessions work and ensuring that new privileges are recognized by starting a new session.
✑ The use of the PrintNightmare exploit highlights a specific technique for privilege escalation within Windows environments.
By logging off and logging on with the new "hacker" account, the penetration tester can ensure the new administrative privileges are fully applied, allowing for further enumeration and exploitation of the target system.
=================
