An attacker wants to allow further connections to a compromised system and maintain persistent access. The attacker uses the Windows system command Enable-PSRemoting -SkipNetworkProfileCheck – Force. What tool is being enabled using this command?

Oct 10, 2023 Last Updated: Oct 10, 2023 No Comments
Tweet Share Pin it
IT Questions BankCategory: Ethical HackerAn attacker wants to allow further connections to a compromised system and maintain persistent access. The attacker uses the Windows system command Enable-PSRemoting -SkipNetworkProfileCheck – Force. What tool is being enabled using this command?

An attacker wants to allow further connections to a compromised system and maintain persistent access. The attacker uses the Windows system command Enable-PSRemoting -SkipNetworkProfileCheck - Force. What tool is being enabled using this command?

  • WinRM
  • BloodHound
  • PsExec
  • WMImplant

Explanation: WinRM can be useful for post-exploitation activities. An attacker could enable WinRM to allow further connections to the compromised systems. It can easily be enabled on a Windows system by using the Enable-PSRemoting -SkipNetworkProfileCheck - Force command. This command configures the WinRM service to start automatically and sets up a firewall rule to allow inbound connections to the compromised system.

Exam with this question: 8.3.3 Quiz - Performing Post-Exploitation Techniques Answers

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments