During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account. How can this weakness be exploited to access the system?
A.
Using the Metasploit psexec module setting the SA / Admin credential
B.
Invoking the stored procedure xp_shell to spawn a Windows command shell
C.
Invoking the stored procedure cmd_shell to spawn a Windows command shell
D.
Invoking the stored procedure xp_cmdshell to spawn a Windows command shell
xp_cmdshell - Spawns a Windows command shell and passes in a string for execution. Any output is returned as rows of text.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.312-50 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
dorinh
6 months, 1 week ago