Which of the following would give the penetration tester information that could aid in continuing the test?

A penetration tester assesses an application allow list and has limited command-line access on the Windows system.

Which of the following would give the penetration tester information that could aid in continuing the test?
A . mmc.exe
B . icacls.exe
C . nltest.exe
D . rundll.exe

View Answer

Answer: C

Explanation:

When a penetration tester has limited command-line access on a Windows system, the choice of tool is critical for gathering information to aid in furthering the test. Here’s an explanation for each option:

mmc.exe (Microsoft Management Console):

Primarily used for managing Windows and its services. It’s not typically useful for gathering information about the system from the command line in a limited access scenario. icacls.exe:

This tool is used for modifying file and folder permissions. While useful for modifying security settings, it does not directly aid in gathering system information or enumeration. nltest.exe:

This is a powerful command-line utility for network testing and gathering information about domain controllers, trusts, and replication status. Key functionalities include: Listing domain controllers: nltest /dclist:<DomainName>

Querying domain trusts: nltest /domain_trusts

Checking secure channel: nltest /sc_query:<DomainName>

These capabilities make nltest very useful for understanding the network environment, especially in a domain context, which is essential for penetration testing.

rundll.exe:

This utility is used to run DLLs as programs. While it can be used for executing code, it does not provide direct information about the system or network environment.

Conclusion: nltest.exe is the best choice among the given options as it provides valuable information about the network, domain controllers, and trust relationships. This information is crucial for a penetration tester to plan further actions and understand the domain environment.