PT0-003 Question #194: Real Exam Question with Answer & Explanation
The correct answer is A: Use Mimikatz to collect information about the accounts and try to authenticate in other systems.
Question
During an internal penetration test, a tester compromises a Windows OS-based endpoint and bypasses the defensive mechanisms. The tester also discovers that the endpoint is part of an Active Directory (AD) local domain. The tester's main goal is to leverage credentials to authenticate into other systems within the Active Directory environment. Which of the following steps should the tester take to complete the goal?
Options
- A. Use Mimikatz to collect information about the accounts and try to authenticate in other systems
- B. Use Hashcat to crack a password for the local user on the compromised endpoint
- C. Use Evil-WinRM to access other systems in the network within the endpoint credentials
- D. Use Metasploit to create and execute a payload and try to upload the payload into other systems
Explanation
Since the tester has compromised a Windows machine and bypassed security, the best next step is to extract credentials from memory to move laterally within Active Directory. Mimikatz extracts hashed credentials, plaintext passwords, and Kerberos tickets from memory. Attackers use Pass-the-Hash (PtH) or Pass-the-Ticket (PtT) to authenticate on other systems without cracking passwords.