Free Top CompTIA Pentest+ PT0-003 Actual Exam Questions - Question 2 Discussion
During an internal penetration test, a tester compromises a Windows OS-based endpoint and
bypasses the defensive mechanisms. The tester also discovers that the endpoint is part of an Active
Directory (AD) local domain.
The tester’s main goal is to leverage credentials to authenticate into other systems within the Active
Directory environment.
Which of the following steps should the tester take to complete the goal?
It’s A because the main goal is to get credentials for other systems, and Mimikatz directly pulls those from memory. B and D don’t really help with AD-wide access, and C depends on already having creds.
It’s A. Mimikatz is really the standard tool for extracting credentials directly from memory on a compromised Windows endpoint, which fits perfectly with the goal of moving laterally in an AD environment. B doesn’t work as well here since cracking local passwords isn’t necessary if you can grab creds directly. C depends on having valid creds first, which Mimikatz helps get. D is more about initial exploitation, not lateral movement using existing credentials. So, using Mimikatz to get those account details is the most straightforward way to achieve the tester's objective.
A imo, Mimikatz is the go-to for grabbing creds to move laterally in AD.
Maybe A makes sense since Mimikatz can dump both plaintext and hashes, giving more options to authenticate elsewhere. B and D seem less direct for credential reuse in AD environments.
Gotta say option D seems like a detour since the creds are already there. B sounds slow too, cracking passwords isn't always needed. I’m thinking A is the move here.