Joe, a penetration tester, has received basic account credentials and logged into a Windows system. To escalate his privilege, from which of the following places is he using Mimikatz to pull credentials?
Arguably, one of the most known forms of credential stealing is surrounding clear-text credentials by accessing lsass.exe. Almost synonymous with credential dumping is the popular tool Mimikatz, which is able to access the LSASS (Local Security Authority Subsystem Service) memory space and extract these clear-text credentials.
LSASS would be the first guess, but AD can be correct under the right circumstances using DCSync remotely, but this requires Admin rights to use or be on the DC locally. Both of which aren't defined and I then fall back to my original answer A. LSASS.
LSASS would give you persistence but the machine only stores passwords as hashes so you would need to use Mimikatz to retrieve the hash from the machine and escalate via the Active Directory.
A is correct:
Mimikatz is an open source Windows utility available for download from GitHub. First developed in 2007 to demonstrate a practical exploit of the Microsoft Windows Local Security Authority Subsystem Service, or LSASS, Mimikatz is capable of dumping account login information, including clear text passwords stored in system memory.
A. Mimikatz is a tool that was designed to harvest credentials from Windows memory
and disk. It is designed to be used as part of post-exploitation and requires elevated
credentials on a system to run. It has multiple modules and the ability to dump
credentials from LSASS, the registry, and various other credential stores. Mimikatz is
included in a number of other security tools, and is the most popular way to steal
credentials from memory.
Penetration testers often focus on using the easiest attack vector to achieve their
objectives. One common attack method is a tool called Mimikatz. It can steal cleartext
credentials from the memory of compromised Windows systems. When the WDigest
Authentication protocol is enabled, plaintext passwords are stored in the Local Security
Authority Subsystem Service (LSASS), exposing them to theft.
Maybe: A. LSASS ?
According to Sybex Pentest Practice Tests: "Mimikatz is an open source utility that enables the viewing of credential information from
the Windows Local Security Authority Subsystem Service (LSASS) using its sekurlsa module"
upvoted 4 times
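The comment above about WDigest is the part a defender can check directly. The following is an added example, not code from the thread or from any tool it mentions: a PowerShell audit of the `UseLogonCredential` value under the WDigest registry key, which controls whether plaintext logon credentials are kept in LSASS memory. The function name and output fields are hypothetical.

```powershell
# Added example: report whether WDigest keeps plaintext logon credentials
# in LSASS memory on the local machine. Function name is hypothetical.
function Get-WDigestCredentialCaching {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    )

    # Read UseLogonCredential; $null means the key or the value is absent.
    $configured = $null
    if (Test-Path -LiteralPath $Path) {
        $item = Get-ItemProperty -LiteralPath $Path -Name 'UseLogonCredential' -ErrorAction SilentlyContinue
        if ($null -ne $item) { $configured = [int]$item.UseLogonCredential }
    }

    # With the value absent the OS default applies: caching is off by default
    # on Windows 8.1 / Server 2012 R2 (NT 6.3) and later.
    $osVersion  = [System.Environment]::OSVersion.Version
    $defaultOff = $osVersion -ge [Version]'6.3'

    if ($null -eq $configured) {
        $caching = -not $defaultOff
        $source  = 'OS default (value not set)'
    } else {
        # 1 turns caching on; an explicit 1 on a modern OS overrides the
        # safe default and is worth investigating as a change.
        $caching = ($configured -eq 1)
        $source  = "registry value $configured"
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        OSVersion          = $osVersion.ToString()
        UseLogonCredential = $configured
        PlaintextCaching   = $caching
        Source             = $source
    }
}

$result = Get-WDigestCredentialCaching
$result | Format-List
if ($result.PlaintextCaching) {
    Write-Warning 'WDigest plaintext caching is on: set UseLogonCredential to 0 and have users log off and on again.'
}
```

Reading this key does not require elevation; changing it does.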