eJPT - eLearnSecurity Junior Penetration Tester Post-Exploitation Techniques Questions and Answers

Question 1

A penetration tester has gained a shell on a public-facing web server (10.0.0.5).
During internal reconnaissance, they discover an internal network segment (192.168.1.0/24) connected to the server's second network interface.
To scan this internal network from their attack machine, which technique must they employ?

Accepted Answer

Pivoting

Answer

DNS Zone Transfer

Answer

Credential Stuffing

Answer

Brute-Forcing

Question 2

Which of the following is a common method for achieving persistence on a Linux system, ensuring a backdoor or reverse shell is re-established after a system reboot?

Accepted Answer

Creating a cron job

Answer

Modifying the /etc/hosts file

Answer

Adding a new entry to the Windows Registry Run key

Answer

Dumping the SAM database

Question 3

After gaining initial access to a Windows host, a penetration tester wants to dump credentials, including plaintext passwords and NTLM hashes, directly from the memory of the Local Security Authority Subsystem Service (LSASS). Which of the following tools is famously used for this specific purpose?

Accepted Answer

Mimikatz

Answer

Nmap

Answer

John the Ripper

Answer

Wireshark

Question 4

You have gained a low-privilege shell on a Linux server. To plan your next steps for privilege escalation, you need to determine the exact kernel version and operating system details. Which of the following commands would provide this essential information?

Accepted Answer

uname -a

Answer

ifconfig

Answer

netstat -an

Answer

pwd

Question 5

During a post-exploitation phase within a Windows Active Directory environment, a tester has obtained valid user credentials (username and password). They now wish to execute commands on a remote machine (192.168.1.100) using these credentials. Which tool from the Sysinternals Suite is commonly used for this type of lateral movement?

Accepted Answer

PsExec

Answer

Metasploit

Answer

Hydra

Answer

Hashcat

Question 6

Which of the following actions is a post-exploitation technique focused on "covering tracks" to evade detection?

Accepted Answer

Clearing specific event logs or modifying shell history files.

Answer

Running a privilege escalation exploit.

Answer

Establishing a reverse shell for persistence.

Answer

Dumping password hashes from memory.