CompTIA PenTest+ (PT0-002) — Question 155

A penetration tester has extracted password hashes from the lsass.exe memory process. Which of the following should the tester perform NEXT to pass the hash and provide persistence with the newly acquired credentials?

Answer options

• A. Use Patator to pass the hash and Responder for persistence.
• B. Use Hashcat to pass the hash and Empire for persistence.
• C. Use a bind shell to pass the hash and WMI for persistence.
• D. Use Mimikatz to pass the hash and PsExec for persistence.

Correct answer: D

Explanation

The correct choice is D, as Mimikatz is specifically designed to extract and use password hashes effectively, and PsExec allows for remote execution of commands on Windows systems, facilitating persistence. Options A, B, and C are incorrect because they either use tools that are not intended for passing hashes (like Patator and Hashcat) or do not provide the same level of effectiveness in this context as Mimikatz and PsExec.