
CompTIA PT0-003 Exam - Topic 2 Question 18 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 18
Topic #: 2

A tester obtains access to an endpoint subnet and wants to move laterally in the network. Given the following output:

```
Nmap scan report for some_host
Host is up (0.01 latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
Host script results: smb2-security-mode: Message signing disabled
```

Which of the following command and attack methods is the most appropriate for reducing the chances of being detected?

Suggested Answer: A

Explanation of the Correct Option:

A (responder and ntlmrelayx.py):

Responder is a tool for intercepting and relaying NTLM authentication requests.

Since SMB signing is disabled, ntlmrelayx.py can relay authentication requests and escalate privileges to move laterally without directly brute-forcing credentials, which is stealthier.

Why Not Other Options?

B: Exploiting MS17-010 (psexec) is noisy and likely to trigger alerts.

C: Brute-forcing credentials with Hydra is highly detectable due to the volume of failed login attempts.

D: Nmap scripts like smb-brute.nse are useful for enumeration but involve brute-force methods that increase detection risk.

CompTIA Pentest+ Reference:

Domain 3.0 (Attacks and Exploits)
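
The scan result in the question is also what a defender audits for: any host whose `smb2-security-mode` result does not say signing is required meets the relay precondition described above. The following is an added example, not part of the original question or explanation. It parses normal nmap output and lists hosts where SMB signing is not enforced. The host names are constructed, and the multi-line "enabled but not required" / "enabled and required" wording is an assumption about the script's output format.

```python
import re

# Constructed sample modelled on the output quoted in the question; host names
# and the multi-line script wording are assumptions, not taken from a real scan.
SAMPLE_SCAN = """\
Nmap scan report for ws-01.example.internal
Host is up (0.01 latency).
445/tcp open microsoft-ds
Host script results: smb2-security-mode: Message signing disabled

Nmap scan report for fs-01.example.internal
445/tcp open microsoft-ds
Host script results:
| smb2-security-mode:
|_  Message signing enabled but not required

Nmap scan report for dc-01.example.internal
445/tcp open microsoft-ds
Host script results:
| smb2-security-mode:
|_  Message signing enabled and required
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)", re.M)
SIGNING_RE = re.compile(r"Message signing (?:is )?([a-z ]+)", re.I)

def classify(signing_text):
    """Signing only blocks relaying when the server requires it."""
    text = signing_text.lower()
    enforced = "required" in text and "not required" not in text
    return "enforced" if enforced else "not-enforced"

def audit(scan_text):
    """Return {host: status} for every host block in the scan output."""
    results = {}
    blocks = HOST_RE.split(scan_text)[1:]  # [host, body, host, body, ...]
    for host, body in zip(blocks[0::2], blocks[1::2]):
        match = SIGNING_RE.search(body)
        results[host] = classify(match.group(1)) if match else "unknown"
    return results

def hosts_to_remediate(scan_text):
    """Hosts where SMB signing should be made mandatory, sorted for reporting."""
    return sorted(h for h, s in audit(scan_text).items() if s == "not-enforced")

if __name__ == "__main__":
    for host in hosts_to_remediate(SAMPLE_SCAN):
        print(f"{host}: SMB signing not enforced")
```

Hosts reported as `unknown` returned no script result and need a re-scan before they can be treated as compliant.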


Contribute your Thoughts:

Tegan
3 months ago
Message signing disabled? That's a huge vulnerability!
upvoted 0 times
...
Lamonica
3 months ago
Wait, can we really trust those tools? Seems risky.
upvoted 0 times
...
Ollie
3 months ago
I think option B is more effective, though.
upvoted 0 times
...
Jill
4 months ago
Definitely going with option A, it’s stealthy.
upvoted 0 times
...
Jennie
4 months ago
Port 445 is open, that's a big red flag.
upvoted 0 times
...
Denise
4 months ago
I feel like using hydra in option C could be risky, but brute-forcing SMB might not be the stealthiest approach.
upvoted 0 times
...
Louvenia
4 months ago
I practiced with Metasploit before, so option B seems familiar, but I wonder if it’s too noisy compared to the others.
upvoted 0 times
...
Herminia
4 months ago
I think option A with responder might be effective since it can relay NTLM hashes, but I’m not confident about the specifics.
upvoted 0 times
...
Howard
5 months ago
I remember we discussed lateral movement techniques, but I'm not entirely sure which command minimizes detection the most.
upvoted 0 times
...
Shaunna
5 months ago
I've got a good feeling about option A. The question is specifically asking for the least detectable approach, and the responder tool with ntlmrelayx seems like it would fit the bill.
upvoted 0 times
...
Lynette
5 months ago
I'm a bit confused by the different attack methods mentioned. I'll need to review my notes on lateral movement techniques to decide which one is the most appropriate here.
upvoted 0 times
...
Dorinda
5 months ago
Okay, let's think this through. Based on the information provided, option A with responder and ntlmrelayx seems like the best approach to avoid detection.
upvoted 0 times
...
Annmarie
5 months ago
Hmm, I'm a bit unsure about this one. The question is asking for the most appropriate command, but I'm not sure which one would be the stealthiest.
upvoted 0 times
...
Erick
5 months ago
This looks like a tricky lateral movement question. I'll need to carefully consider the options and the potential risks involved.
upvoted 0 times
...
Werner
1 year ago
I think option D) nmap --script smb-brute.nse -p 445 could also be a good approach to reduce detection.
upvoted 0 times
...
Heidy
1 year ago
I disagree, I believe option B) msf > use exploit/windows/smb/ms17_010_psexec msf > msf > run is the best choice.
upvoted 0 times
...
Sharika
1 year ago
I think the most appropriate command is A) responder -T eth0 -dwv ntlmrelayx.py -smb2support -tf .
upvoted 0 times
...
Verda
1 year ago
Dude, I heard if you run `rm -rf /` on the target, it automatically unlocks all the doors. Trust me, I'm a hacker.
upvoted 0 times
...
Tawanna
1 year ago
Lol, what is this, amateur hour? Nmap Tawannas can't compete with the pros. *snorts*
upvoted 0 times
...
Stephanie
1 year ago
MS17_010_PSEXEC? Nah, that's like using a bazooka to kill a fly. Gotta be more subtle, bruh.
upvoted 0 times
...
Kattie
1 year ago
Bro, you really think hydra's gonna work here? SMB bruteforce is so 2010. Where's the creativity?
upvoted 0 times
Jovita
1 year ago
B) msf > use exploit/windows/smb/ms17_010_psexec msf > msf > run
upvoted 0 times
...
Brandee
1 year ago
A) responder -T eth0 -dwv ntlmrelayx.py -smb2support -tf
upvoted 0 times
...
...
Lynsey
1 year ago
Nah, man, responder all the way. Gotta keep that lateral movement on the DL, ya know?
upvoted 0 times
Omer
1 year ago
C) hydra -L administrator -P /path/to/passwdlist smb://
upvoted 0 times
...
Glenn
1 year ago
B) msf > use exploit/windows/smb/ms17_010_psexec msf > msf > run
upvoted 0 times
...
Dierdre
1 year ago
A) responder -T eth0 -dwv ntlmrelayx.py -smb2support -tf
upvoted 0 times
...
...
