Post-Exploitation

🚩 CTFs & Labs 🧪

❔ Quizzes

Introduction To Post-Exploitation

Question Answer
The post-exploitation techniques you can use will differ based on the operating system running on a target. True

Post-Exploitation Methodology

Question Answer
Which one of the following post-exploitation phases is typically performed first? Local Enumeration

Enumerating System Information - Windows

Question Answer
Which one of the following Windows commands can be used to enumerate a list of installed updates in addition to the HotFix URL? wmic qfe get Caption,Description,HotFixID,InstalledOn

Enumerating Users & Groups - Windows

Question Answer
Which one of the following Windows commands can be used to display the members of the local administrators group? net localgroup administrators
The Windows Administrator account is disabled by default unless it is explicitly enabled. True
Which one of the following Windows commands can be used to enumerate the privileges of the current user? whoami /priv

Enumerating Network Information - Windows

Question Answer
Which one of the following netstat commands can be used to display a list of all active TCP and UDP connections along with their process IDs (PIDs) in numerical format? netstat -ano

Enumerating Processes & Services

Question Answer
Which one of the following Windows commands can be used to enumerate the list of running processes and the respective services being used by the processes? wmic service list brief tasklist /SVC
What meterpreter command would you typically run to identify the PID of a specific process? pgrep explorer.exe

Automating Windows Local Enumeration

Question Answer
Local enumeration automation scripts can replace manual local enumeration techniques. False
Which one of the following MSF modules can be used to enumerate a list of SMB shares on the target system? windows/gather/enum_shares

Enumerating System Information - Linux

Question Answer
Which one of the following Linux commands can be used to enumerate the Distribution name and release version on a Linux system? cat /etc/*release

Enumerating Users & Groups - Linux

Question Answer
Which one of the following Linux commands can be used to display the groups that a specific user is a member of? groups

Enumerating Network Information - Linux

Question Answer
Which one of the following Linux commands can be used to display the primary nameserver that will be used by default? cat /etc/resolv.conf

Enumerating Processes & Cron Jobs

Question Answer
Which one of the following Linux commands can be used to display only the processes that are running with root privileges? ps aux | grep root

Automating Linux Local Enumeration

Question Answer
Which one of the following commands can be used to display a list of installed shells on a Linux system? cat /etc/shells
In addition to automating local enumeration on Linux, the LinEnum script also enumerates a list of installed compilers. True
Which one of the following commands can be used to assign executable permissions to a file on Linux? chmod +x script.sh

Setting Up A Web Server With Python

Question Answer
Which one of the following commands can be used to run the http.server Python module on port 8080? python3 -m http.server 8080

Transferring Files To Windows Targets

Question Answer
Which one of the following Windows utilities can be used to download files from a remote web server? certutil

Transferring Files To Linux Targets

Question Answer
Which one of the following wget commands can be used to download a file from a remote server? wget http://192.168.1.100/file.php

Upgrading Non-Interactive Shells

Question Answer
Which one of the following Linux commands can be used to upgrade a non-interactive shell to a bash session? python -c 'import pty;pty.spawn("/bin/bash")'

Identifying Windows Privilege Escalation Vulnerabilities

Question Answer
The PrivescCheck PowerShell script can be used to identify services with weak permissions. True
What PowerShell command can be used to bypass the default execution policy when running PowerShell scripts from the Windows command line? powershell Set-ExecutionPolicy Bypass .\script.ps1

Windows Privilege Escalation

Question Answer
After obtaining user account credentials, what protocols can we use to authenticate with the Windows target? (Select all that apply) WinRM,RDP,SMB

Linux Privilege Escalation - Weak Permissions

Question Answer
Which one of the following Linux commands can be used to identify files with the write permission applied for all user accounts? find / -not -type l -perm -o+w

Linux Privilege Escalation - SUDO Privileges

Question Answer
Which one of the following Linux commands can be used to identify commands that can be executed with specific SUDO permissions? sudo -l

Persistence Via Services

Question Answer
You require elevated privileges in order to establish persistence on a Windows system. True
Establishing persistence on a system does not interfere with the functionality of the operating system. False

Persistence Via RDP

Question Answer
In addition to using cleartext passwords for authentication with RDP, we can also utilize user account hashes. False

Persistence Via SSH Keys

Question Answer
Which one of the following commands can be used to transfer files from a target system to our local system via SSH? scp user@192.168.1.100:/root/file.txt /home/kali/

Persistence Via Cron Jobs

Question Answer
Cron Jobs can be configured to run indefinitely every minute of every hour of every day. True
Which one of the following crontab commands can be used to display existing cron jobs? crontab -l

Dumping & Cracking NTLM Hashes

Question Answer
What hash mode would you use when cracking NTLM Hashes with Hashcat? -m 1000

Dumping & Cracking Linux Password Hashes

Question Answer
What Hashcat hash mode would you use when cracking Linux password Hashes encrypted with SHA-512? -m 1800
After compromising a Linux system and elevating your privileges, you display the content of the /etc/shadow file and discover that the password hashes have a prefix of "$1". What hashing algorithm corresponds with "$1"? MD5

Pivoting

Question Answer
Which one of the following Meterpreter commands can be used to add a network route for a specific subnet? run autoroute -s 192.168.1.0/24

Clearing Your Tracks On Windows

Question Answer
Which one of the following Meterpreter commands can be used to execute a cleanup resource script from within Meterpreter? resource cleanup.rc

Clearing Your Tracks On Linux

Question Answer
What is the default file used to store a user account's bash history? .bash_history