CompTIA PenTest+ (PT0-003) — Question 123

During a penetration test, a tester compromises a Windows computer. The tester executes the following command and receives the following output:

mimikatz # privilege::debug
mimikatz # lsadump::cache

-Output---
lapsUser
27dh9128361tsg264592101387541j
--OutputEnd--

Which of the following best describes what the tester plans to do by executing the command?

Answer options

• A. The tester plans to perform the first step to execute a Golden Ticket attack to compromise the Active Directory domain.
• B. The tester plans to collect application passwords or hashes to compromise confidential information within the local computer.
• C. The tester plans to use the hash collected to perform lateral movement to other computers using a local administrator hash.
• D. The tester plans to collect the ticket information from the user to perform a Kerberoasting attack on the domain controller.

Correct answer: C

Explanation

The correct answer is C because the command executed, specifically 'lsadump::cache', retrieves cached credentials which can be used for lateral movement across other systems in the network. Option A is incorrect as it pertains to a Golden Ticket attack which is not indicated here, option B is misleading because the focus is on hashes rather than application passwords, and option D is incorrect as it relates to Kerberoasting, which is not relevant to the command output shown.