CompTIA PT0-003 Exam - Topic 2 Question 37 Discussion

A penetration tester gained a foothold within a network. The penetration tester needs to enumerate all users within the domain. Which of the following is the best way to accomplish this task?
A) pwd.exe
B) net.exe
C) sc.exe
D) msconfig.exe

Actual exam question for CompTIA's PT0-003 exam
Question #: 37
Topic #: 2
Suggested Answer: B

Comprehensive and Detailed Explanation From Exact Extract:

net.exe is the classic Windows networking utility that includes commands for enumerating domain resources and accounts from a compromised host where the tester has any authenticated domain context. Typical commands used by penetration testers to enumerate domain users with net.exe include:

net user /domain - lists domain user accounts (name and some properties).

net group "Domain Users" /domain - lists members of the Domain Users group.

net view /domain - lists computers in the domain (useful to find targets for further enumeration).

Why net.exe is the best option here:

It is installed by default on Windows systems and works with the current authenticated domain credentials (common after gaining a foothold).

It provides a quick, low-noise way to enumerate user accounts and groups without requiring additional tooling or elevated privileges beyond an authenticated domain user.

Results can be scripted and parsed for further enumeration and pivoting.
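
Each of the three net.exe commands listed above starts a process whose command line can be recorded, so defenders who collect process-creation events can see the same enumeration. The Python below is an added example, not part of the original explanation: it flags accounts that run several distinct domain-enumeration subcommands. The events are constructed and shaped like process-creation records (for example Sysmon Event ID 1); the tuple layout, host and account names, and the threshold are assumptions.

```python
import ntpath
import re
from collections import defaultdict

NET_BINARIES = {"net.exe", "net1.exe"}  # net.exe usually launches net1.exe to do the work
ENUM_VERBS = {"user", "group", "view"}  # the three subcommands named in the explanation

# Constructed process-creation events: (host, user, image, command line).
# All hosts, accounts and command lines are invented for this example.
SAMPLE_EVENTS = [
    ("WS01", r"CORP\jdoe", r"C:\Windows\System32\net.exe", "net user /domain"),
    ("WS01", r"CORP\jdoe", r"C:\Windows\System32\net1.exe", r"C:\Windows\system32\net1 user /domain"),
    ("WS01", r"CORP\jdoe", r"C:\Windows\System32\net.exe", 'net group "Domain Users" /domain'),
    ("WS01", r"CORP\jdoe", r"C:\Windows\System32\net.exe", "net view /domain"),
    ("WS02", r"CORP\asmith", r"C:\Windows\System32\net.exe", r"net use Z: \\fs01\share"),
    ("WS02", r"CORP\asmith", r"C:\Windows\System32\sc.exe", "sc query /domain"),
]


def domain_enum_verb(image, cmdline):
    """Return 'user', 'group' or 'view' for a net/net1 domain query, else None."""
    if ntpath.basename(image).lower() not in NET_BINARIES:
        return None
    # Keep quoted arguments such as "Domain Users" together as one token.
    tokens = [t.strip('"').lower() for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    args = tokens[1:]
    if not args or args[0] not in ENUM_VERBS:
        return None
    # Assumed here: the switch may be abbreviated (/do, /dom, ...) or carry a
    # value (/domain:NAME), so match any prefix of "/domain" from "/do" upward.
    has_domain = any(
        a.startswith("/do") and "/domain".startswith(a.split(":")[0]) for a in args
    )
    return args[0] if has_domain else None


def summarize(events, min_verbs=2):
    """Map (host, user) to the distinct enumeration verbs seen, if >= min_verbs."""
    seen = defaultdict(set)
    for host, user, image, cmdline in events:
        verb = domain_enum_verb(image, cmdline)
        if verb:
            seen[(host, user)].add(verb)  # set de-duplicates the net.exe/net1.exe pair
    return {key: sorted(verbs) for key, verbs in seen.items() if len(verbs) >= min_verbs}


if __name__ == "__main__":
    for (host, user), verbs in summarize(SAMPLE_EVENTS).items():
        print(f"{host} {user}: domain enumeration via net {', '.join(verbs)}")
```

Windows Security event 4688 carries the command line only when command-line auditing for process creation is enabled, so this logic depends on that setting or on Sysmon being deployed.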

Why the other options are not appropriate:

A. pwd.exe - Not a standard Windows tool for domain enumeration (and not present by default).

C. sc.exe - Service Controller tool for managing services; not used to enumerate domain users.

D. msconfig.exe - System configuration GUI utility for startup/services; not for domain account enumeration.

Related alternatives (contextual, commonly used in pentests):

dsquery user -limit 0 (on systems with RSAT/AD tools) to query AD directly.

Get-ADUser -Filter * (PowerShell, requires the ActiveDirectory module and appropriate rights).

Tools like PowerView (PowerShell) or BloodHound (collection phase) can provide richer AD enumeration, but net.exe is the simplest built-in option to enumerate domain users from an authenticated foothold.

CompTIA PT0-003 Objective Mapping (summary):

Domain 2.0 Information Gathering and Vulnerability Scanning: enumerate network and Active Directory objects using native tools and scripts (e.g., net.exe for domain user enumeration).


Eleonora
1 month ago
I think net.exe is the right choice here, but I’m not entirely sure why it’s better than the others.
upvoted 0 times