I would go for A. accesschk is a command line tool designed to show what kind of accesses specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services. In this scenario, I believe the pentester is using accesschk to search C:\Windows folder recursively showing all folders the account has write (rw) access to.
https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk
-w Show only objects that have write access
-s Recurse
-q Omit Banner
-u Suppress errors
As is often the case, I do not see where the reference supports the answer. I understand that jtr.exe is the password cracking tool "John the Ripper" but that does not prove the problem here is insecure file permissions. Is the following the command that demonstrates insecure file permissions?
C:\>copy %userprofile%\jtr.exe C:\Windows\Tracing
Looks like he was blocked in one dir, checked his access in that /Tracing dir (saw read-write), copied payload over to /Tracing and ran it from there... just my take... had no permission on one file, had permission on another... answer seems to check out IMO.
Writeable services also use accesschk, but with different flags. Insecure file permissions will involve moving a file to a directory with more permissions, i.e., read and write (rw). Writable services will literally show a service being set to the malicious file. A is correct.
D. Similar question from Jason Dion practice:
Some Windows services are run with SYSTEM privileges and may have been misconfigured by the administrator. In this case, Jason used the accesschk tool from SysInternals to find any writeable services that his user account could access. One was returned: Apache. He then stopped the service and rewrote the binary path loaded by the service to "net localgroup administrators jason /add", which will be run the next time the service is started. This will add Jason's user account (jason) to the administrators group. Next, he started the service, completing his privilege escalation through the use of writeable services.
I was reading Jason's study guide and its definition of writable services doesn't match:
● Writable services
o Using PSExec, a service can be replaced with a custom service that runs a command shell (cmd.exe)
o Unsecure File and Folder Permissions
▪ Older versions of Windows allow administrators to access any non-admin user’s files and folders
▪ Can lead to DLL hijacking and malicious file installations on a non-admin targeted user
I'll go for A, according to definitions. I have learned that CompTIA is picky when it comes to that.
Maybe the answer is D, because writable service uses accesschk.
upvoted 1 times
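For defenders, the condition discussed in this thread (a directory under C:\Windows that an ordinary account can write to) can be audited with built-in PowerShell. The following is an added example, not code from any commenter or from Sysinternals; the function name and the list of low-privileged SIDs are assumptions.

```powershell
# Added example: list directories where low-privileged groups may create files,
# so the ACLs can be reviewed and tightened. Function name is hypothetical.
function Find-LowPrivWritableDirectory {
    param(
        [string]$Root = 'C:\Windows',
        # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
        [string[]]$LowPrivSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')
    )
    $create      = [System.Security.AccessControl.FileSystemRights]::CreateFiles
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType     = [System.Security.Principal.SecurityIdentifier]

    Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dir = $_.FullName
            # Skip directories whose ACL cannot be read by the auditing account
            try { $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop } catch { return }
            # Resolve identities to SIDs so localized group names still match
            foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
                if ($rule.AccessControlType -ne 'Allow') { continue }
                # Inherit-only ACEs apply to children, not to this directory
                if (($rule.PropagationFlags -band $inheritOnly) -eq $inheritOnly) { continue }
                if ($LowPrivSids -notcontains $rule.IdentityReference.Value) { continue }
                if (($rule.FileSystemRights -band $create) -eq $create) {
                    [pscustomobject]@{
                        Path      = $dir
                        Sid       = $rule.IdentityReference.Value
                        Rights    = $rule.FileSystemRights
                        Inherited = $rule.IsInherited
                    }
                }
            }
        }
}

Find-LowPrivWritableDirectory | Sort-Object Path, Sid -Unique | Format-Table -AutoSize
```

This reads Allow ACEs only and does not compute effective access, so Deny entries and ACEs expressed with generic rights bits are not evaluated; treat the output as a review list and confirm each hit.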