During an assessment, a penetration tester gains a low-privilege shell and then runs the following command:
findstr /SIM /C:"pass" *.txt *.cfg *.xml
Which of the following is the penetration tester trying to enumerate?
A. Configuration files
B. Permissions
C. Virtual hosts
D. Secrets
The command searches for the keyword "pass" (passwords) across all .txt, .cfg, and .xml files, which are common locations for stored credentials.
Option A (Configuration files) ❌: While .cfg files may contain settings, the search is specifically for secrets (passwords).
Option B (Permissions) ❌: The command does not list permissions.
Option C (Virtual hosts) ❌: This does not relate to virtual host enumeration.
Option D (Secrets) ✅: Correct. The tester is looking for stored passwords or sensitive data.
Reference: CompTIA PenTest+ PT0-003 Official Guide – Privilege Escalation Techniques