Which Windows protocol enables running a payload on a remote system to interact with WinRM for lateral movement?

Multiple Choice

Which Windows protocol enables running a payload on a remote system to interact with WinRM for lateral movement?

Explanation:
Understanding remote command execution on Windows hosts hinges on the management protocol built into Windows. Windows Remote Management (WinRM) is the service and protocol that enables remote command execution and management, which attackers can leverage to run a payload on a remote system and interact with that system over a network. WinRM uses the WS-Management standard and communicates over HTTP or HTTPS (ports 5985 and 5986), authenticating with Kerberos or NTLM. This makes it a common avenue for lateral movement, often leveraged through PowerShell Remoting to issue commands, deploy payloads, and receive results back from remote machines.

The other options don’t fit this scenario. A keystroke logger records input rather than enabling remote execution, and hardware keystroke loggers serve a similar purpose without remote interaction capabilities. RemoteExec isn’t a standard Windows protocol for remote management.