CompTIA Exam PT0-003 Topic 2 Question 18 Discussion

Actual exam question for CompTIA's PT0-003 exam

Question #: 18
Topic #: 2

[All PT0-003 Questions]

A tester obtains access to an endpoint subnet and wants to move laterally in the network. Given the following output:

kotlin

Copy code

Nmap scan report for some_host

Host is up (0.01 latency).

PORT STATE SERVICE

445/tcp open microsoft-ds

Host script results: smb2-security-mode: Message signing disabled

Which of the following command and attack methods is the most appropriate for reducing the chances of being detected?

Aresponder -T eth0 -dwv ntlmrelayx.py -smb2support -tf <target>

Bmsf > use exploit/windows/smb/ms17_010_psexec msf > <set options> msf > run

Chydra -L administrator -P /path/to/passwdlist smb://<target>

Dnmap ---script smb-brute.nse -p 445 <target>

Show Suggested Answer

Suggested Answer: A

Explanation of the Correct Option:

A (responder and ntlmrelayx.py):

Responder is a tool for intercepting and relaying NTLM authentication requests.

Since SMB signing is disabled, ntlmrelayx.py can relay authentication requests and escalate privileges to move laterally without directly brute-forcing credentials, which is stealthier.

Why Not Other Options?

B: Exploiting MS17-010 (psexec) is noisy and likely to trigger alerts.

C: Brute-forcing credentials with Hydra is highly detectable due to the volume of failed login attempts.

D: Nmap scripts like smb-brute.nse are useful for enumeration but involve brute-force methods that increase detection risk.

CompTIA Pentest+ Reference:

Domain 3.0 (Attacks and Exploits)

by Stephaine at Jan 24, 2025, 03:13 AM

Limited Time Offer

25%

Off

Get Premium PT0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!