How can this weakness be exploited to access the system?

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account.

How can this weakness be exploited to access the system?
A . Using the Metasploit psexec module setting the SA / Admin credential
B . Invoking the stored procedure xp_shell to spawn a Windows command shell
C . Invoking the stored procedure cmd_shell to spawn a Windows command shell
D . Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

View Answer

Answer: D