Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam PT0-003 Topic 2 Question 18 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 18
Topic #: 2
[All PT0-003 Questions]

A tester obtains access to an endpoint subnet and wants to move laterally in the network. Given the following output:

kotlin

Copy code

Nmap scan report for some_host

Host is up (0.01 latency).

PORT STATE SERVICE

445/tcp open microsoft-ds

Host script results: smb2-security-mode: Message signing disabled

Which of the following command and attack methods is the most appropriate for reducing the chances of being detected?

Show Suggested Answer Hide Answer
Suggested Answer: A

Explanation of the Correct Option:

A (responder and ntlmrelayx.py):

Responder is a tool for intercepting and relaying NTLM authentication requests.

Since SMB signing is disabled, ntlmrelayx.py can relay authentication requests and escalate privileges to move laterally without directly brute-forcing credentials, which is stealthier.

Why Not Other Options?

B: Exploiting MS17-010 (psexec) is noisy and likely to trigger alerts.

C: Brute-forcing credentials with Hydra is highly detectable due to the volume of failed login attempts.

D: Nmap scripts like smb-brute.nse are useful for enumeration but involve brute-force methods that increase detection risk.

CompTIA Pentest+ Reference:

Domain 3.0 (Attacks and Exploits)


by Stephaine at Jan 24, 2025, 03:13 AM

Limited Time Offer

25%

Off

Get Premium PT0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Werner
3 months ago
I think option D) nmap ---script smb-brute.nse -p 445 could also be a good approach to reduce detection.
upvoted 0 times
...
Heidy
3 months ago
I disagree, I believe option B) msf > use exploit/windows/smb/ms17_010_psexec msf > msf > run is the best choice.
upvoted 0 times
...
Sharika
3 months ago
I think the most appropriate command is A) responder -T eth0 -dwv ntlmrelayx.py -smb2support -tf .
upvoted 0 times
...
Verda
4 months ago
Dude, I heard if you run `rm -rf /` on the target, it automatically unlocks all the doors. Trust me, I'm a hacker.
upvoted 0 times
...
Tawanna
4 months ago
Lol, what is this, amateur hour? Nmap Tawannas can't compete with the pros. *snorts*
upvoted 0 times
...
Stephanie
4 months ago
MS17_010_PSEXEC? Nah, that's like using a bazooka to kill a fly. Gotta be more subtle, bruh.
upvoted 0 times
...
Kattie
4 months ago
Bro, you really think hydra's gonna work here? SMB bruteforce is so 2010. Where's the creativity?
upvoted 0 times
Jovita
4 months ago
B) msf > use exploit/windows/smb/ms17_010_psexec msf > msf > run
upvoted 0 times
...
Brandee
4 months ago
A) responder -T eth0 -dwv ntlmrelayx.py -smb2support -tf
upvoted 0 times
...
...
Lynsey
4 months ago
Nah, man, responder all the way. Gotta keep that lateral movement on the DL, ya know?
upvoted 0 times
Omer
3 months ago
C) hydra -L administrator -P /path/to/passwdlist smb://
upvoted 0 times
...
Glenn
4 months ago
B) msf > use exploit/windows/smb/ms17_010_psexec msf > msf > run
upvoted 0 times
...
Dierdre
4 months ago
A) responder -T eth0 -dwv ntlmrelayx.py -smb2support -tf
upvoted 0 times
...
...

Save Cancel