CompTIA PenTest+ Exam: Windows Server Misconfigured Service Permissions Exploitation

Explore Misconfigured Service Permissions on Windows Server - CompTIA PenTest+ Exam

Question

A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions.

Which of the following commands would help the tester START this process?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

B.

https://infosecwriteups.com/privilege-escalation-in-windows-380bee3a2842

In this scenario, the penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions.

To begin this process, the tester needs to obtain a tool that will help them identify misconfigured service permissions. The tool that is commonly used for this purpose is AccessChk.

Option A suggests using the certutil command to download AccessChk from a remote server. The command starts by invoking certutil to download the file from the specified URL, and then uses the "split" command to split the file into smaller chunks. Finally, the command saves the downloaded file with the name "accesschk64.exe". This option is a valid way to obtain the AccessChk tool.

Option B suggests using PowerShell to upload a file to a remote server. This command is not directly related to obtaining AccessChk, and it is unlikely to be useful for exploring misconfigured service permissions.

Option C suggests using the schtasks command to query the scheduled tasks on the server. This command is not directly related to obtaining AccessChk or exploring misconfigured service permissions.

Option D suggests using the wget command to download AccessChk from a remote server. The command starts by invoking wget to download the file from the specified URL, and then saves the downloaded file with the name "accesschk64.exe". This option is also a valid way to obtain the AccessChk tool.

In conclusion, options A and D are valid commands that the penetration tester can use to obtain the AccessChk tool and start exploring misconfigured service permissions. Option B and C are not directly related to the task at hand and are less useful in this scenario.