A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?
A.
schtasks /create /sc /ONSTART /tr C:\Temp|WindowsUpdate.exe
The "schtasks" command is used to manage scheduled tasks in Windows. By creating a new scheduled task with the "/sc ONSTART" option, the task will be triggered when the system starts up, ensuring persistence.
The "/tr" option is used to specify the command or program to be executed by the scheduled task. In this case, the command "C:\Temp\WindowsUpdate.exe" is specified. The tester can replace this with a backdoor or a malicious payload that allows them to maintain access to the compromised system.
This command creates a scheduled task that runs a program every time the system starts. In this case, it creates a task that runs a program located in the C:\Temp folder named WindowsUpdate.exe. By using this command, the penetration tester can ensure that their backdoor program will run every time the system starts, allowing them to maintain access to the system.
Option A: schtasks /create /sc /ONSTART /tr C:\Temp|WindowsUpdate.exe creates a scheduled task that runs on system startup, but it does not ensure the penetration tester maintains access to the system.
Option C: crontab -l; echo ג€@reboot sleep 200 && ncat -lvp 4242 -e /bin/bashג€) | crontab 2>/dev/null creates a new cron job that listens on port 4242 and launches a reverse shell on incoming connections. This command ensures that the penetration tester maintains access to the system even if they lose their initial foothold.
This code is attempting to use the schtasks command to create a scheduled task. The schtasks command is a Windows command line utility used to manage scheduled tasks. This command can be used to automate certain tasks in order to make them run on a regular basis, such as running Windows updates at a certain time of day. The /create argument creates a new scheduled task, the /sc argument specifies the schedule for the task, the /ONSTART argument specifies when the task should start (in this case when the computer starts), and the /tr argument specifies which command or program to run.
This section is not available anymore. Please use the main Exam Page.PT0-002 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Pokok2021
Highly Voted 1 year, 7 months agoRightAsTain
1 year, 6 months agoTreebeard88
Highly Voted 1 year, 5 months agoNONS3c
Most Recent 3 weeks, 6 days agobieecop
9 months, 1 week agocy_analyst
1 year agofirmzeal
1 year agofirmzeal
1 year agoOnA_Mule
12 months agonickwen007
1 year, 1 month ago[Removed]
1 year, 1 month agopetercorn
1 year, 6 months agoryanzou
1 year, 6 months ago