GIAC GPEN Question #392: Real Exam Question with Answer & Explanation
The correct answer is B: Use the "ping" utility in a for loop to sweep the network.
Question
You have gained shell on a Windows host and want to find other machines to pivot to, but the rules of engagement state that you can only use tools that are already available. How could you find other machines on the target network?
Options
- A. Use the "ping" utility to automatically discover other hosts.
- B. Use the "ping" utility in a for loop to sweep the network.
- C. Use the "edit" utility to read the target's HOSTS file.
- D. Use the "net share" utility to see who is connected to local shared drives.
Explanation
Using the built-in Windows ping command inside a for loop allows a penetration tester to sweep an entire subnet for live hosts without installing any external tools.
Common mistakes.
- A. The ping utility requires an explicit destination address or hostname and has no built-in automatic host-discovery or subnet-sweep capability on its own.
- C. The 'edit' command is a text editor that can open the local HOSTS file, but that file only contains manually configured static entries and does not reflect all active or reachable hosts on the network.
- D. The 'net share' command lists shares configured on the local machine or a specified remote system, and does not enumerate reachable hosts across the broader network subnet.
Concept tested. Native Windows ping sweep for live host discovery.
Reference. https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/ping