PT0-003 · Question #265
PT0-003 Question #265: Real Exam Question with Answer & Explanation
The correct answer is C: Enumerate privileges. Explanation xp_cmdshell is a Microsoft SQL Server extended stored procedure that allows execution of operating system shell commands directly from SQL Server, and whoami /all is a Windows command that displays the current user's identity along with all group memberships and privi
Question
During an assessment, a penetration tester obtains access to a Microsoft SQL server using sqlmap and runs the following command: sql> xp_cmdshell whoami /all Which of the following is the tester trying to do?
Options
- AList database tables
- BShow logged-in database users
- CEnumerate privileges
- DDisplay available SQL commands
Explanation
Explanation
xp_cmdshell is a Microsoft SQL Server extended stored procedure that allows execution of operating system shell commands directly from SQL Server, and whoami /all is a Windows command that displays the current user's identity along with all group memberships and privileges - making privilege enumeration the clear goal here. Option A is incorrect because listing database tables would use SQL commands like SELECT * FROM information_schema.tables, not OS-level shell commands. Option B is wrong because showing logged-in database users would use queries like SELECT loginame FROM sysprocesses, not a Windows OS command. Option D is incorrect because xp_cmdshell bypasses SQL entirely to execute system commands, so it has nothing to do with displaying available SQL syntax.
Memory Tip: Think of whoami /all as the Windows command that tells you "who am I and what can I do?" - the /all flag is the key giveaway, as it specifically requests privilege and group information. Whenever you see whoami /all on an exam, think privilege enumeration.
Topics
Community Discussion
No community discussion yet for this question.