After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:
Initially, I chose Priviledge Escalation, but thinking through the question again, I changed my choice to Pivoting. There was the lateral movement (pivoting) before the priviledge escalation action.
footprinting - is done before a vulnerability is exploited. It includes gathering information about the victim to identify potential vulnerabilities.
persistence - refers to the techniques used by an attacker to maintain continuous access to the victim.
privilege escalation - gives the attacker access to a high-level privilege on the compromised host.
Pivoting is the process of using various tools to gain additional
information. For example, imagine a tester gains access to Homer’s
computer within a company’s network. The tester can then pivot and use
Homer’s computer to gather information on other computers. Homer might
have access to network shares filled with files on nuclear power plant
operations. The tester can use Homer’s computer to collect this data and
then send it back out of the network from Homer’s computer.
Testers (and attackers) can use pivoting techniques to gather a wide
variety of information. Many times, the tester must first use privilege
escalation techniques to gain more privileges. However, after doing so, the
tester can access databases (such as user accounts and password databases),
email, and any other type of data stored within a network.
Privilege escalation. Without privilege escalation, the pen tester couldn't get shell access!
Pivoting does not mean the same thing - it's merely lateral movement with the same (usually low) credentials. While pivoting is the first thing to happen, you must escalate your privileges to get shell access.
I think you're overthinking it, the threat actor already "exploited a vulnerability" to gain access to the network, it would make sense that they can pivot freely
In the given scenario, the penetration tester gains access to a multifunction device with both wired and wireless interfaces. Then, after exploiting a vulnerability in the device's firmware, the tester gains shell access on another networked asset. This technique is an example of "pivoting."
Pivoting is a method used by attackers or penetration testers to leverage their initial access to a compromised system or network to gain access to other systems within the same network. In this case, the attacker is using the compromised multifunction device as a pivot point to gain access to other networked assets.
Pivoting is a technique used by attackers or penetration testers to move from one compromised system or network to another. In this scenario, the attacker gained access to a multifunction device through a vulnerability in its firmware. From there, they used that compromised device to gain shell access on another networked asset, essentially using the compromised device as a pivot point to access other systems or networks.
This technique is an example of "pivoting". Pivoting is a technique used by attackers to move from one compromised system to another system on the same network, or to a different network, in order to expand their access and control. In this scenario, the attacker gained access to the multifunction device and then used that as a jumping-off point to gain shell access on another networked asset. This is an example of pivoting because the attacker used the initial compromise to "pivot" to another system and expand their access.
privilege escalation, refers to the act of gaining higher levels of access or privileges on a system or network. While privilege escalation may occur during the attack process, it does not specifically describe the technique used in this scenario.
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
stoneface
Highly Voted 2 years, 10 months agoDapsie
Most Recent 1 year, 1 month agoAbdullahMohammad251
1 year, 1 month agoLordJaraxxus
1 year, 4 months agoBD69
1 year, 4 months agoNetworkTester1235
1 year, 4 months agoSaberZero
1 year, 5 months agoProtract8593
1 year, 11 months agoApplebeesWaiter1122
2 years agoMasterControlProgram
2 years, 3 months agoxxxdolorxxx
2 years, 5 months agoIdkanything
2 years, 7 months agoxxxdolorxxx
2 years, 5 months agoApplebeesWaiter1122
2 years agoapplepieboy
2 years, 5 months agoBD69
1 year, 4 months agoJossie_C
2 years, 8 months agoEDSAL
2 years, 9 months ago