GIAC
GCIH · Question #687
GCIH Question #687: Real Exam Question with Answer & Explanation
The correct answer is D: Enumerating the SIDs of all users defined locally on the target server. This question tests understanding of the rpcclient tool and the lsaenumsid subcommand used for enumerating Security Identifiers on a remote Windows host.
Reconnaissance, Scanning, and Enumeration
Question
What is the Linux administrator doing with the commands below? $ rpcclient -U fezzik florin rpcclient $> lsaenumsid
Options
- AResolving SIDs to usernames on the target server
- BDisplaying the rights associated with a SID on the target server
- CListing the privileges associated with a SID defined locally on the target server
- DEnumerating the SIDs of all users defined locally on the target server
Explanation
This question tests understanding of the rpcclient tool and the lsaenumsid subcommand used for enumerating Security Identifiers on a remote Windows host.
Common mistakes.
- A. Resolving SIDs to human-readable usernames requires the 'lookupsids' subcommand in rpcclient, not lsaenumsid.
- B. Displaying the rights or privileges associated with a specific SID requires commands such as 'lsaenumprivsaccount', not lsaenumsid.
- C. Listing privileges for a particular SID requires 'lsaenumprivsaccount' targeted at a named SID, whereas lsaenumsid enumerates all SIDs indiscriminately without filtering by privilege.
Concept tested. rpcclient lsaenumsid remote SID enumeration
Reference. https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html
Topics
#rpcclient#SID enumeration#Active Directory#Windows enumeration
Community Discussion
No community discussion yet for this question.