GCIH · Question #669
Which of the following occurs when a penetration tester attempts to connect to a host with the following command? net use \\192.168.44.213
The correct answer is B. Local logon credentials will be sent to 192.168.44.213. Running 'net use' against a remote host triggers NTLM authentication, which sends the current user's local logon credentials to the target machine.
Question
Which of the following occurs when a penetration tester attempts to connect to a host with the following command? net use \192.168.44.213
Options
- AGuest user account permissions will be granted
- BLocal logon credentials will be sent to 192.168.44.213
- CIPC$ share returns a list of running processes
- DHost at 192.168.44.213 will exchange a temporary authentication key
How the community answered
(66 responses)- A3% (2)
- B77% (51)
- C14% (9)
- D6% (4)
Why each option
Running 'net use' against a remote host triggers NTLM authentication, which sends the current user's local logon credentials to the target machine.
Guest permissions are not automatically granted; Windows uses the currently logged-in user's credentials unless explicitly overridden with the /user: flag or anonymous access is configured on the target.
When 'net use' is executed against a remote host without specifying explicit credentials, Windows automatically attempts authentication using the current user's logon session via NTLM. This credential exchange is transparent and sends the username along with an NTLM challenge-response hash derived from the local logon password to the target host at 192.168.44.213.
The IPC$ share is an interprocess communication share used for named pipe connections, not a mechanism that returns a list of running processes.
Exchanging a temporary authentication key describes aspects of Kerberos ticket-granting service operations, not the NTLM challenge-response mechanism used by 'net use'.
Concept tested: NTLM credential passing via net use command
Source: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/gg651155(v=ws.11)
Topics
Community Discussion
No community discussion yet for this question.