PT0-002 · Question #586
PT0-002 Question #586: Real Exam Question with Answer & Explanation
The correct answer is B: When a computer or server was compromised and the tester wants to move laterally. Mimikatz is a powerful post-exploitation tool used primarily on Windows systems to extract sensitive information, such as plaintext credentials, hashes, Kerberos tickets, and more. A penetration tester might use Mimikatz in this scenario to: 1. Extract plaintext passwords or NTLM
Question
A penetration tester managed to access an internal Windows workstation for a target company. The tester used Mimikatz during the post exploitation of this compromised host. Which of the following would be a relevant reason for the tester to use this tool?
Options
- AWhen a network device was compromised and the tester wants to have persistence on the
- BWhen a computer or server was compromised and the tester wants to move laterally
- CWhen the tester wants to test reactions to ransomware infections on servers and computers
- DWhen the tester wants to crack and capture password hashes
Explanation
Mimikatz is a powerful post-exploitation tool used primarily on Windows systems to extract sensitive information, such as plaintext credentials, hashes, Kerberos tickets, and more. A penetration tester might use Mimikatz in this scenario to: 1. Extract plaintext passwords or NTLM hashes from memory. 2. Dump credentials for lateral movement within the network. 3. Perform Pass-the-Hash or Pass-the-Ticket attacks to access other systems without needing plaintext passwords. This makes it particularly effective for lateral movement after gaining initial access to a workstation or server.
Topics
Community Discussion
No community discussion yet for this question.