CompTIA PenTest+ (PT0-002) — Question 349

A penetration tester issues the following command after obtaining a low-privilege reverse shell: wmic service get name,pathname,startmode

Which of the following is the most likely reason the penetration tester ran this command?

Answer options

• A. To search for passwords in the service directory
• B. To list scheduled tasks that may be exploitable
• C. To register a service to run as System
• D. To find services that have unquoted service paths

Correct answer: D

Explanation

The command helps the penetration tester to identify services with unquoted service paths, which can be exploited for privilege escalation. The other options do not align with the command's functionality; it does not search for passwords, list scheduled tasks, or register a service.