eJPT - eLearnSecurity Junior Penetration Tester Post-Exploitation Techniques Questions and Answers

Question 1

A penetration tester has gained a shell on a public-facing web server (10.0.0.5). During internal reconnaissance, they discover an internal network segment (192.168.1.0/24) connected to the server's second network interface. To scan this internal network from their attack machine, which technique must they employ?

Accepted Answer

Pivoting

Answer

Pivoting is the technique of using a compromised host to route traffic from the attacker's machine to an otherwise inaccessible internal network. This allows the attacker to "pivot" their attack through the compromised machine to reach other systems.

Question 2

Which of the following is a common method for achieving persistence on a Linux system, ensuring a backdoor or reverse shell is re-established after a system reboot?

Accepted Answer

Creating a cron job

Answer

Cron is the time-based job scheduler in Unix-like operating systems. By adding a malicious command or script as a cron job, an attacker can ensure it runs automatically at specified intervals or on reboot, re-establishing their access.

Question 3

After gaining initial access to a Windows host, a penetration tester wants to dump credentials, including plaintext passwords and NTLM hashes, directly from the memory of the Local Security Authority Subsystem Service (LSASS). Which of the following tools is famously used for this specific purpose?

Accepted Answer

Mimikatz

Answer

Mimikatz is a powerful post-exploitation tool specifically designed to extract sensitive authentication credentials from a Windows system's memory, particularly the LSASS process. Its 'sekurlsa::logonpasswords' command is used to dump plaintext passwords and hashes.

Question 4

You have gained a low-privilege shell on a Linux server. To plan your next steps for privilege escalation, you need to determine the exact kernel version and operating system details. Which of the following commands would provide this essential information?

Accepted Answer

uname -a

Answer

The `uname -a` command prints all available system information, including the kernel name, hostname, kernel release version, machine hardware name, and operating system. This is a crucial first step in searching for kernel-based privilege escalation exploits.

Question 5

During a post-exploitation phase within a Windows Active Directory environment, a tester has obtained valid user credentials (username and password). They now wish to execute commands on a remote machine (192.168.1.100) using these credentials. Which tool from the Sysinternals Suite is commonly used for this type of lateral movement?

Accepted Answer

PsExec

Answer

PsExec, part of the Windows Sysinternals Suite, is a lightweight tool that allows users to execute processes on remote systems. Attackers and penetration testers frequently use it for lateral movement once they have obtained valid credentials, as it provides an interactive command prompt on the target machine over SMB (port 445).

eJPT - eLearnSecurity Junior Penetration Tester Practice Test

eJPT - eLearnSecurity Junior Penetration Tester Practice Test

eJPT - eLearnSecurity Junior Penetration Tester Post-Exploitation Techniques Questions and Answers