Exam PT0-002
Question 78

After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:

The tester then runs the following command from the previous exploited system, which fails:

Which of the following explains the reason why the command failed?

    Correct Answer: A

    The scan results show that port 5985, which is used by Windows Remote Management (WinRM) and the default port for PowerShell remoting, is open on the IP address 192.168.10.10. PowerShell remoting uses this port to establish remote sessions, and since the command attempts to use 192.168.10.11, which does not have port 5985 open, the command fails. Therefore, the command failed due to the incorrect IP address input.
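An added example, not part of the original page or its discussion: a pre-flight check that shows which hosts expose the WinRM ports that `Enter-PSSession` depends on, with RDP listed for contrast. The function name `Test-PSRemotingTarget` and the timeout are assumptions; the two addresses are the hosts discussed in the question.

```powershell
# Added example: check which hosts expose WinRM before attempting Enter-PSSession.
# Test-PSRemotingTarget is a hypothetical helper name, not a built-in cmdlet.
function Test-PSRemotingTarget {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$TimeoutMs = 2000
    )

    # WinRM over HTTP and HTTPS carry PowerShell remoting; RDP is shown for contrast.
    $ports = [ordered]@{ WinRM_HTTP = 5985; WinRM_HTTPS = 5986; RDP = 3389 }

    foreach ($target in $ComputerName) {
        $row = [ordered]@{ ComputerName = $target }
        foreach ($name in $ports.Keys) {
            $client = New-Object System.Net.Sockets.TcpClient
            try {
                # Wait() returns $false on timeout and throws if the connection is refused.
                $row[$name] = $client.ConnectAsync($target, $ports[$name]).Wait($TimeoutMs)
            } catch {
                $row[$name] = $false
            } finally {
                $client.Close()
            }
        }
        # An open RDP port alone does not make a host reachable for PowerShell remoting.
        $row['WinRMReachable'] = $row['WinRM_HTTP'] -or $row['WinRM_HTTPS']
        [pscustomobject]$row
    }
}

Test-PSRemotingTarget -ComputerName '192.168.10.10', '192.168.10.11' |
    Format-Table -AutoSize
```

A reachable WinRM port is necessary but not sufficient: the session still depends on valid credentials and on the target's WinRM configuration.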

Discussion
Neolot (Option: A)

Answer is A. Enter-PSSession uses 5985 as the default port.

Manzer (Option: C)

Answer is C. Enter-PSSession is for RDP. The credentials being supplied are not there.

aleXplicitly

Enter-PSSession is not RDP. RDP creates a UI to administer the machine using normal methods. The tester is trying to use WinRM which is the open port 5985, and Enter-PSSession uses 5985…

AaronS1990

abdulrishad, can you do us all a favour and not comment until you have the faintest idea of what you're on about. You've commented on this thread 9 times with multiple different answers and I'm actually embarrassed for you.

OnA_Mule (Option: A)

This one is A. From Microsoft, "To use the default ports for PowerShell remoting, specify port 5985 for HTTP or 5986 for HTTPS." Source: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enter-pssession?view=powershell-7.3 Host 192.168.10.10 shows port 5985 open, so this is the correct host for connecting with remote PowerShell (Enter-PSSession). The host 192.168.10.11 had RDP open (port 3389), but remote PowerShell does not use RDP; it uses ports 5985/5986.

biggydanny (Option: C)

The reason why the command failed is most likely due to option C, which means that an account for Remote Desktop Protocol (RDP) does not exist on the server. The command "Enter-PSSession -ComputerName 192.168.10.11 -Credential $cred" is used to establish a PowerShell session on a remote computer with the specified IP address. This command requires the target system to have PowerShell remoting enabled, and the user must have appropriate permissions on the remote system. The Nmap scan results show that port 3389, which is used for RDP, is open on the target system 192.168.10.11. Therefore, the assumption is that the tester intended to establish an RDP connection to this system but found that there is no account set up for RDP.

biggydanny

Option A, "The tester input the incorrect IP address," is possible but less likely given that the Nmap scan results show that the target system is up and responding on the specified IP address. Option B, "The command requires the -port 135 option," is incorrect since the command does not require a specific port to be specified. Option D, "PowerShell requires administrative privilege," is not relevant to this issue since the command does not require administrative privilege. However, administrative privilege may be required to set up an RDP account on the target system.

cy_analyst (Option: A)

The Nmap scan results show that port 5985 is open on IP address 192.168.10.10. This is the default port used by WinRM (Windows Remote Management), which is used by PowerShell to establish remote sessions. However, based on the command used by the tester, they were attempting to establish a remote PowerShell session with IP address 192.168.10.11, which may not have the necessary WinRM configuration to allow remote PowerShell connections. Therefore, the command failed because the tester input the incorrect IP address.

nickwen007 (Option: C)

The command 'enter-pssession -computername 192.168.10.11 -credential $cred' will establish a PowerShell session on the remote computer with the IP address '192.168.10.11' using the credentials stored in variable '$cred'. 'enter-pssession' is not used for Remote Desktop Protocol (RDP). It is used to establish a PowerShell session on a remote computer.

[Removed]

C is correct?

[Removed]

I think A is correct: typed the wrong IP address.

aleXplicitly (Option: A)

5985 is WinRM which you connect to by using PSSession. Enter-PSSession does not use the RDP port, but rather WinRM to execute CLI commands…

[Removed]

Yes, A is the answer.

CCSXorabove (Option: A)

A for sure. C does not make sense.

Etc_Shadow28000 (Option: C)

C. An account for RDP does not exist on the server.

Explanation:
• RDP (Remote Desktop Protocol) requires a valid user account with appropriate permissions on the target server to establish a remote desktop session.
• The scan shows that port 3389 (used by RDP) is open on 192.168.10.11 but not on 192.168.10.10.
• If the penetration tester attempted to use RDP to access 192.168.10.11 without a valid user account or with incorrect credentials, the connection would fail.

LiveLaughToasterBath (Option: A)

If you specify a connection URI with a Transport segment, but do not specify a port, the session is created by using standard ports: 80 for HTTP and 443 for HTTPS. To use the default ports for PowerShell remoting, specify port 5985 for HTTP or 5986 for HTTPS. Enter-PSSession (Microsoft.PowerShell.Core) Microsoft Learn https://learn.microsoft.com › en-us › powershell › module

KeToopStudy (Option: A)

Enter-PSSession uses port 5985 that is found on the other address.

bieecop (Option: C)

The command Enter-PSSession is used to establish a remote PowerShell session on a target system. In this case, the command failed most likely because there is no account set up for Remote Desktop Protocol (RDP) on the target system at IP address 192.168.10.11. The Nmap scan results indicate that port 3389 (used for RDP) is open on that system, but it's possible that there is no active RDP account configured, or there might be restrictions in place that prevent remote PowerShell sessions.

[Removed] (Option: C)

Based on the provided information, the best answer would be (C) An account for RDP does not exist on the server. The Nmap scan indicates that port 3389, which is used for RDP, is open on the target system 192.168.10.11. However, the Enter-PSSession command is specifically used to create a remote PowerShell session, not an RDP session. Therefore, the command would fail if there is no account on the target system that can be used for remote PowerShell access, or if the account credentials supplied in the $cred variable are incorrect.

Brayden23 (Option: C)

The IP is not incorrect; there are two IPs listed. C is the correct answer.

KingIT_ENG

The previous system has just one IP address, and the IP was typed wrong again, so A is the answer.

KingIT_ENG

5985 is WinRM which you connect to by using PSSession. Enter-PSSession does not use the RDP port, but rather WinRM to execute CLI commands

KingIT_ENG (Option: A)

A is the correct answer.

[Removed] (Option: A)

A is correct: previous IP address 192.168.10.10, then scan again, 192.168.10.11, wrong IP address typed. The tester input the incorrect IP address.