Exam PT0-003 Topic 1 Question 84 Discussion
Actual exam question for CompTIA's PT0-003 exam
Question #: 84
Topic #: 1
Question #: 84
Topic #: 1
A penetration tester enumerates a legacy Windows host on the same subnet. The tester needs to select exploit methods that will have the least impact on the host's operating stability. Which of the following commands should the tester try first?
Suggested Answer: A Vote an answer
Responder is a tool used for capturing and analyzing NetBIOS, LLMNR, and MDNS queries to perform various man-in-the-middle (MITM) attacks. It can be used to capture hashed credentials, which can then be cracked offline. Using Responder has the least impact on the host's operating stability compared to more aggressive methods like buffer overflow attacks or payload injections.
Step-by-Step Explanation
Understanding Responder:
Purpose: Responder is used to capture NTLMv2 hashes from a Windows network.
Operation: It listens on the network for LLMNR, NBT-NS, and MDNS requests and responds to them, tricking the client into authenticating with the attacker's machine.
Command Breakdown:
responder -I eth0: Starts Responder on the network interface eth0.
john responder_output.txt: Uses John the Ripper to crack the hashes captured by Responder.
<rdp to target>: Suggests the next step after capturing credentials might involve using RDP with the cracked password, but the initial capture is passive and low impact.
Why This is the Best Choice:
Least Impact: Responder passively captures network traffic without interacting directly with the target host's system processes.
Stealth: It operates quietly on the network, making it less likely to cause stability issues or be detected by host-based security mechanisms.
Reference from Pentesting Literature:
Tools like Responder are discussed in penetration testing guides for initial reconnaissance and credential gathering without causing significant disruptions.
HTB write-ups frequently mention the use of Responder in network-based attacks to capture credentials safely.
Reference:
Penetration Testing - A Hands-on Introduction to Hacking
HTB Official Writeups
Step-by-Step Explanation
Understanding Responder:
Purpose: Responder is used to capture NTLMv2 hashes from a Windows network.
Operation: It listens on the network for LLMNR, NBT-NS, and MDNS requests and responds to them, tricking the client into authenticating with the attacker's machine.
Command Breakdown:
responder -I eth0: Starts Responder on the network interface eth0.
john responder_output.txt: Uses John the Ripper to crack the hashes captured by Responder.
<rdp to target>: Suggests the next step after capturing credentials might involve using RDP with the cracked password, but the initial capture is passive and low impact.
Why This is the Best Choice:
Least Impact: Responder passively captures network traffic without interacting directly with the target host's system processes.
Stealth: It operates quietly on the network, making it less likely to cause stability issues or be detected by host-based security mechanisms.
Reference from Pentesting Literature:
Tools like Responder are discussed in penetration testing guides for initial reconnaissance and credential gathering without causing significant disruptions.
HTB write-ups frequently mention the use of Responder in network-based attacks to capture credentials safely.
Reference:
Penetration Testing - A Hands-on Introduction to Hacking
HTB Official Writeups
by Max at Aug 05, 2024, 04:45 AM
Contact Us
If you have any question please leave me your email address, we will reply and send email to you in 12 hours.
Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday
Support: Contact now
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).