Valid PT0-003 Dumps shared by ExamDiscuss.com for Helping Passing PT0-003 Exam! ExamDiscuss.com now offer the newest PT0-003 exam dumps, the ExamDiscuss.com PT0-003 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com PT0-003 dumps with Test Engine here:
During an assessment, a penetration tester exploits an SQLi vulnerability. Which of the following commands would allow the penetration tester to enumerate password hashes?
Correct Answer: B
To enumerate password hashes using an SQL injection vulnerability, the penetration tester needs to extract specific columns from the database that typically contain password hashes. The --dump command in sqlmap is used to dump the contents of the specified database table. Here's a breakdown of the options: * Option A: sqlmap -u www.example.com/?id=1 --search -T user * The --search option is used to search for columns and not to dump data. This would not enumerate password hashes. * Option B: sqlmap -u www.example.com/?id=1 --dump -D accounts -T users -C cred * This command uses --dump to extract data from the specified database accounts, table users, and column cred. This is the correct option to enumerate password hashes, assuming cred is the column containing the password hashes. * Option C: sqlmap -u www.example.com/?id=1 --tables -D accounts * The --tables option lists all tables in the specified database but does not extract data. * Option D: sqlmap -u www.example.com/?id=1 --schema --current-user --current-db * The --schema option provides the database schema information, and --current-user and --current- db provide information about the current user and database but do not dump data. References from Pentest: * Writeup HTB: Demonstrates using sqlmap to dump data from specific tables to retrieve sensitive information, including password hashes. * Luke HTB: Shows the process of exploiting SQL injection to extract user credentials and hashes by dumping specific columns from the database.