A penetration tester used a client-side browser exploit from metasploit to get an unprivileged shell prompt on the target Windows desktop. The penetration tester then tried using the getsystem command to perform a local privilege escalation which failed. Which of the following could resolve the problem?
The correct approach to resolve the problem is to load the priv module and try getsystem again. The getsystem command is part of the priv module in Metasploit, which needs to be loaded before attempting to escalate privileges. Loading this module ensures all necessary functionalities for privilege escalation are available. Running getuid or getpriv commands are not required steps for making getsystem succeed.
I think A is appropriate. She can get the same result with B, but getuid is not required for the getsystem to succeed.