Cyber Quiz Day 22

Question 1

You compromise a low-privilege Linux user on a production box with strict monitoring. What’s the first post-exploitation priority?

  • Immediately attempt kernel escalation to root

  • Enumerate environment, controls, and blast radius (users, groups, sudo policy, services, logging)

  • Pull /etc/shadow to crack offline

  • Pivot to another host to avoid local alarms

Question 2

You land on Windows as a local admin, but UAC prompts block critical actions. Which assessment is most accurate?

  • UAC prevents all elevation for admins—escalation is impossible

  • UAC can restrict certain admin actions; misconfigs or weak policies can allow bypass, but it’s environment-dependent

  • UAC applies only to remote sessions, not local

  • UAC is only cosmetic; admins are already SYSTEM

Question 3

Why do attackers often attempt privilege escalation after initial access?

  • To patch the vulnerable system

  • To limit their activity and stay low-privilege

  • To gain administrator/root rights that allow full control, persistence, and lateral movement

  • Because low-privilege users cannot run any commands

Question 4

Which misconfiguration in Linux is most dangerous for privilege escalation?

  • /etc/shadow is world-readable

  • Having multiple normal users on the system

  • Use of SSH for authentication

  • SUID binaries owned by root that allow shell escapes

Question 5

A penetration tester finds a Windows service binary path is writable by normal users. What risk does this create?

  • It lets the tester replace the binary, which will then run with SYSTEM privileges when restarted

  • It allows denial of service only

  • It forces the user to become domain admin immediately

  • No real impact because services always drop privileges

Question 6

Which tool is most associated with extracting plaintext passwords and Kerberos tickets from Windows memory?

  • Metasploit

  • WinPEAS

  • Mimikatz

  • BloodHound

Question 7

During post-exploitation, you gain a Meterpreter shell on Windows as a local admin. Which is the most effective next step to check if UAC can be bypassed?

  • Run systeminfo

  • Delete event logs to hide presence

  • Run ipconfig /all

  • Use the Metasploit bypassuac module against the current session

Question 8

You have a foothold and need to pivot into an internal subnet with strict egress controls. Which approach best balances practicality and detection risk?

  • Application-layer relays/tunneling that piggyback on allowed outbound flows, combined with tight scoping and allow-list mimicking

  • Loud internal port scans from the pivot host

  • Raw GRE tunnels across the internet

  • Broadcast discovery from the DMZ

Question 9

You compromise a DMZ host with outbound HTTPS allowed. What’s the most practical way to pivot into the internal subnet?

  • Run noisy nmap scans directly from the DMZ host

  • Try to RDP into random IPs internally

  • Create an SSH tunnel/proxychains over HTTPS to forward internal traffic

  • Exfiltrate logs instead of pivoting

Question 10

A pen tester is asked to demonstrate business impact of post-exploitation without harming production. Which deliverable best fits?

  • Screenshot of SYSTEM/root shell only

  • List of unpatched CVEs

  • Controlled proof-of-concept: showing path to sensitive data (e.g., finance DB copy on test server) with minimal exposure

  • Dump of all user passwords

There are 10 questions to complete.