Exam PT0-002 topic 1 question 78 discussion

Answer is A. Enter-Pssession uses 5985 as the default port.

Answer is C. Enter-pssession is for rdp. The the credentials being supplied are not there.

According to chatgpt: Given the above analysis, Option A ("The tester input the incorrect IP address") is likely the correct answer. The tester attempted to connect to a machine (192.168.10.11) where port 5985 is not open, which is needed for PowerShell remoting by default.

Enter-Pssession uses 5985 as the default port.

A for sure. C does not make sense.

C. An account for RDP does not exist on the server. Explanation: • RDP (Remote Desktop Protocol) requires a valid user account with appropriate permissions on the target server to establish a remote desktop session. • The scan shows that port 3389 (used by RDP) is open on 192.168.10.11 but not on 192.168.10.10. • If the penetration tester attempted to use RDP to access 192.168.10.11 without a valid user account or with incorrect credentials, the connection would fail.

If you specify a connection URI with a Transport segment, but do not specify a port, the session is created by using standards ports: 80 for HTTP and 443 for HTTPS. To use the default ports for PowerShell remoting, specify port 5985 for HTTP or 5986 for HTTPS. Enter-PSSession (Microsoft.PowerShell.Core) Microsoft Learn https://learn.microsoft.com › en-us › powershell › module

Enter-Pssession uses port 5985 that is found on the other address.

The command Enter-PSSession is used to establish a remote PowerShell session on a target system. In this case, the command failed most likely because there is no account set up for Remote Desktop Protocol (RDP) on the target system at IP address 192.168.10.11. The Nmap scan results indicate that port 3389 (used for RDP) is open on that system, but it's possible that there is no active RDP account configured, or there might be restrictions in place that prevent remote PowerShell sessions.

The reason why the command failed is most likely due to option C, which means that an account for Remote Desktop Protocol (RDP) does not exist on the server. The command "Enter-PSSession -ComputerName 192.168.10.11 -Credential $cred" is used to establish a PowerShell session on a remote computer with the specified IP address. This command requires the target system to have PowerShell remoting enabled, and the user must have appropriate permissions on the remote system. The Nmap scan results show that port 3389, which is used for RDP, is open on the target system 192.168.10.11. Therefore, the assumption is that the tester intended to establish an RDP connection to this system but found that there is no account set up for RDP.

This one is A. From Microsoft, "To use the default ports for PowerShell remoting, specify port 5985 for HTTP or 5986 for HTTPS." Source: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enter-pssession?view=powershell-7.3 Host 192.168.10.10 shows port 5985 open, so this is the correct host for connecting with remote Powershell (Enter-PSSession). The host 192.168.10.11 had RDP open (port 3389) but remote Powershell does not use RDP, it uses ports 5985/5986.

Based on the provided information, the best answer would be (C) An account for RDP does not exist on the server. The Nmap scan indicates that port 3389, which is used for RDP, is open on the target system 192.168.10.11. However, the Enter-PSSession command is specifically used to create a remote PowerShell session, not an RDP session. Therefore, the command would fail if there is no account on the target system that can be used for remote PowerShell access, or if the account credentials supplied in the $cred variable are incorrect.

The Nmap scan results show that port 5985 is open on IP address 192.168.10.10. This is the default port used by WinRM (Windows Remote Management), which is used by PowerShell to establish remote sessions. However, based on the command used by the tester, they were attempting to establish a remote PowerShell session with IP address 192.168.10.11, which may not have the necessary WinRM configuration to allow remote PowerShell connections. Therefore, the command failed because the tester input the incorrect IP address.

abdulrishad can you do us all a favour and not comment until you have the faintest idea ofwhat you're on about. You've commented on this thread 9 times with multiple different answers and i'm actually embarassed for you

The IP is not incorrect, there are two IP's listed. C is the correct answer

A is correct answer

The command 'enter-pssession -computername 192.168.10.11 -credential $cred' will establish a PowerShell session on the remote computer with the IP address '192.168.10.11' using the credentials stored in variable '$cred'. 'enter-pssession' is not used for Remote Desktop Protocol (RDP). It is used to establish a PowerShell session on a remote computer.