GPEN Question #480: Real Exam Question with Answer & Explanation
The correct answer is B. Run getuid command, then getpriv command, and try getsystem again. When getsystem fails in Meterpreter, running getuid to confirm user context and getprivs to enumerate and enable token privileges can expose missing privileges needed for local privilege escalation to succeed.
Question
Options
- A. Load priv module and try getsystem again
- B. Run getuid command, then getpriv command, and try getsystem again
- C. Run getuid command and try getsystem again
- D. Use getprivs command instead of getsystem
Explanation
When getsystem fails in Meterpreter, running getuid to confirm user context and getprivs to enumerate and enable token privileges can expose missing privileges needed for local privilege escalation to succeed.
Common mistakes.
- A. In modern Metasploit, priv extension functionality is built into Meterpreter by default and does not need to be loaded separately, so this step alone does not address why getsystem failed.
- C. Running getuid only reveals the current username and does not enable or modify token privileges, so getsystem would still fail for the same underlying reason.
- D. The getprivs command lists and attempts to enable privileges on the current token but does not itself perform escalation to SYSTEM, so it cannot replace getsystem.
Concept tested. Meterpreter local privilege escalation with getsystem and token privileges
Reference. https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-basics.html