CompTIA Exam PT0-003 Topic 5 Question 22 Discussion

Actual exam question for CompTIA's PT0-003 exam

Question #: 22
Topic #: 5

[All PT0-003 Questions]

A penetration tester completes a scan and sees the following output on a host:

bash

Copy code

Nmap scan report for victim (10.10.10.10)

Host is up (0.0001s latency)

PORT STATE SERVICE

161/udp open|filtered snmp

445/tcp open microsoft-ds

3389/tcp open microsoft-ds

Running Microsoft Windows 7

OS CPE: cpe:/o:microsoft:windows_7_sp0

The tester wants to obtain shell access. Which of the following related exploits should the tester try first?

Aexploit/windows/smb/psexec

Bexploit/windows/smb/ms08_067_netapi

Cexploit/windows/smb/ms17_010_eternalblue

Dauxiliary/scanner/snmp/snmp_login

Show Suggested Answer

Suggested Answer: C

The ms17_010_eternalblue exploit is the most appropriate choice based on the scenario.

Why MS17-010 EternalBlue?

EternalBlue is a critical vulnerability in SMBv1 (port 445) affecting older versions of Windows, including Windows 7.

The exploit can be used to execute arbitrary code remotely, providing shell access to the target system.

Other Options:

A (psexec): This exploit is a post-exploitation tool that requires valid credentials to execute commands remotely.

B (ms08_067_netapi): A vulnerability targeting older Windows systems (e.g., Windows XP). It is unlikely to work on Windows 7.

D (snmp_login): This is an auxiliary module for enumerating SNMP, not gaining shell access.

CompTIA Pentest+ Reference:

Domain 2.0 (Information Gathering and Vulnerability Identification)

Domain 3.0 (Attacks and Exploits)

by Jess at Apr 09, 2025, 11:31 AM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!