Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA PT0-003 Exam - Topic 5 Question 22 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 22
Topic #: 5
[All PT0-003 Questions]

A penetration tester completes a scan and sees the following output on a host:

bash

Copy code

Nmap scan report for victim (10.10.10.10)

Host is up (0.0001s latency)

PORT STATE SERVICE

161/udp open|filtered snmp

445/tcp open microsoft-ds

3389/tcp open microsoft-ds

Running Microsoft Windows 7

OS CPE: cpe:/o:microsoft:windows_7_sp0

The tester wants to obtain shell access. Which of the following related exploits should the tester try first?

Show Suggested Answer Hide Answer
Suggested Answer: C

The ms17_010_eternalblue exploit is the most appropriate choice based on the scenario.

Why MS17-010 EternalBlue?

EternalBlue is a critical vulnerability in SMBv1 (port 445) affecting older versions of Windows, including Windows 7.

The exploit can be used to execute arbitrary code remotely, providing shell access to the target system.

Other Options:

A (psexec): This exploit is a post-exploitation tool that requires valid credentials to execute commands remotely.

B (ms08_067_netapi): A vulnerability targeting older Windows systems (e.g., Windows XP). It is unlikely to work on Windows 7.

D (snmp_login): This is an auxiliary module for enumerating SNMP, not gaining shell access.

CompTIA Pentest+ Reference:

Domain 2.0 (Information Gathering and Vulnerability Identification)

Domain 3.0 (Attacks and Exploits)


by Jess at Apr 09, 2025, 11:31 AM

Limited Time Offer

25%

Off

Get Premium PT0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Maynard
5 months ago
A is a good choice too, psexec can be sneaky!
upvoted 0 times
...
Elza
5 months ago
Nah, I think C, eternalblue is more powerful.
upvoted 0 times
...
Felicidad
6 months ago
I disagree, D seems less effective for shell access.
upvoted 0 times
...
Zona
6 months ago
Wait, isn't Windows 7 pretty outdated? Surprised it's still around.
upvoted 0 times
...
Brianne
6 months ago
I'd go with B, ms08_067 is pretty reliable on Windows 7.
upvoted 0 times
...
Diego
6 months ago
I think the snmp_login auxiliary might not give shell access directly, so it seems less relevant for this question.
upvoted 0 times
...
Cecily
7 months ago
I feel like the psexec option could be useful, but I’m not confident if it’s the best choice here.
upvoted 0 times
...
Desmond
7 months ago
I'm not entirely sure, but I think the eternalblue exploit is more recent and might be more effective against Windows 7.
upvoted 0 times
...
Dorothy
7 months ago
I remember practicing with the ms08_067 exploit; it was one of the first ones I learned about for Windows vulnerabilities.
upvoted 0 times
...
Kimberely
7 months ago
Okay, let me think this through. The open SNMP port could be an interesting attack vector, but the question is focused on SMB exploits. I'll start with the PSExec module and see if that gets me in. If not, I'll try the other SMB options.
upvoted 0 times
...
Leota
7 months ago
Ah, I know this one! The EternalBlue exploit is the way to go. It's a popular choice for Windows 7 systems with SMB vulnerabilities. I'll give that a shot and see if I can get a shell.
upvoted 0 times
...
Han
8 months ago
I'm a bit unsure here. The open SNMP port is interesting, but the question is specifically asking about SMB exploits. Maybe I should start with the MS08-067 vulnerability and see if that works.
upvoted 0 times
...
Freeman
8 months ago
Hmm, this looks like a classic Windows SMB exploit scenario. I think I'll try the PSExec module first - it's a reliable option for gaining shell access on Windows 7 systems.
upvoted 0 times
...
Catalina
1 year ago
I'd say C, but only if the tester has a time machine to go back to 2017. These days, you gotta stay on top of the latest vulnerabilities, am I right?
upvoted 0 times
Latonia
11 months ago
B: Good idea. Let's see if we can exploit that vulnerability.
upvoted 0 times
...
Lettie
11 months ago
A: Let's give it a try and see if we can get shell access.
upvoted 0 times
...
Misty
12 months ago
B: Yeah, that could work. It's worth a shot.
upvoted 0 times
...
Velda
12 months ago
A: Maybe try the EternalBlue exploit for the Windows 7 machine.
upvoted 0 times
...
...
Marguerita
1 year ago
Haha, I bet the tester could try all of them and still end up with a blue screen of death. Windows 7 is like a piñata - just keep swinging until something breaks!
upvoted 0 times
...
Moon
1 year ago
D all the way! Why bother with those complicated SMB exploits when you can just brute-force the SNMP service and get access that way?
upvoted 0 times
Tamar
11 months ago
User3: I think I'll give D a try first, thanks for the tip!
upvoted 0 times
...
Justine
11 months ago
User2: Agreed, brute-forcing SNMP seems like a quicker route to shell access.
upvoted 0 times
...
Erinn
12 months ago
User1: Yeah, D sounds like the easiest way to go.
upvoted 0 times
...
...
Serina
1 year ago
B seems like the safer bet here. MS08-067 is a well-known vulnerability that's been around for ages, so it's more likely to work.
upvoted 0 times
Fausto
12 months ago
A: Let's give it a try and see if we can get in using that exploit.
upvoted 0 times
...
Ardella
12 months ago
B: Yeah, it's a reliable choice for gaining shell access on Windows systems.
upvoted 0 times
...
Kate
1 year ago
A: I agree, MS08-067 is a classic exploit that often works.
upvoted 0 times
...
...
Emeline
1 year ago
I'm not sure, but I think psexec could also be a good option to try for shell access.
upvoted 0 times
...
Shayne
1 year ago
I agree with Derick. EternalBlue is a known exploit for Windows systems.
upvoted 0 times
...
Derick
1 year ago
I think the tester should try exploit/windows/smb/ms17_010_eternalblue first.
upvoted 0 times
...
Trina
1 year ago
I'd go with C. The EternalBlue exploit is a classic and often works like a charm on Windows 7 machines.
upvoted 0 times
Isidra
12 months ago
B: I'll give it a try then, thanks for the tip!
upvoted 0 times
...
Marya
12 months ago
A: Yes, it's been quite effective in my experience.
upvoted 0 times
...
An
12 months ago
B: Have you used it before?
upvoted 0 times
...
Corrina
1 year ago
Yes, it's definitely worth a try to gain shell access.
upvoted 0 times
...
Deeanna
1 year ago
I agree, EternalBlue is a powerful exploit for Windows 7.
upvoted 0 times
...
Stephania
1 year ago
A: I agree, EternalBlue is a powerful exploit for Windows 7.
upvoted 0 times
...
...

Save Cancel