CompTIA PenTest+ (PT0-003) — Question 30
During an internal penetration test, a tester compromises a Windows OS-based endpoint and bypasses the defensive mechanism on that system. The tester also discovers the endpoint is part of an Active Directory local domain. The tester’s main goal is to leverage credentials to authenticate into other systems within the Active Directory environment. Which of the following steps should the tester take to complete the goal?
Answer options
- A. Use Mimikatz to collect information about the accounts and try to authenticate in other systems.
- B. Use hashcat to crack a password for the local user on the compromised endpoint.
- C. Use Evil-WinRM to access other systems in the network with the endpoint's credentials.
- D. Use Metasploit to create and execute a payload and try to upload the payload into other systems.
Correct answer: A
Explanation
The correct answer is A because Mimikatz is specifically designed for extracting credentials from Windows systems, allowing the tester to authenticate to other systems in the Active Directory. Option B is incorrect as cracking a password does not directly leverage existing credentials for authentication. Option C, while useful, does not focus on credential extraction, and option D involves creating a payload rather than utilizing existing credentials, making it less relevant for the tester's goal.