Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam PT0-003 Topic 5 Question 22 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 22
Topic #: 5
[All PT0-003 Questions]

A penetration tester completes a scan and sees the following output on a host:

bash

Copy code

Nmap scan report for victim (10.10.10.10)

Host is up (0.0001s latency)

PORT STATE SERVICE

161/udp open|filtered snmp

445/tcp open microsoft-ds

3389/tcp open microsoft-ds

Running Microsoft Windows 7

OS CPE: cpe:/o:microsoft:windows_7_sp0

The tester wants to obtain shell access. Which of the following related exploits should the tester try first?

Show Suggested Answer Hide Answer
Suggested Answer: C

The ms17_010_eternalblue exploit is the most appropriate choice based on the scenario.

Why MS17-010 EternalBlue?

EternalBlue is a critical vulnerability in SMBv1 (port 445) affecting older versions of Windows, including Windows 7.

The exploit can be used to execute arbitrary code remotely, providing shell access to the target system.

Other Options:

A (psexec): This exploit is a post-exploitation tool that requires valid credentials to execute commands remotely.

B (ms08_067_netapi): A vulnerability targeting older Windows systems (e.g., Windows XP). It is unlikely to work on Windows 7.

D (snmp_login): This is an auxiliary module for enumerating SNMP, not gaining shell access.

CompTIA Pentest+ Reference:

Domain 2.0 (Information Gathering and Vulnerability Identification)

Domain 3.0 (Attacks and Exploits)


by Jess at Apr 09, 2025, 11:31 AM

Limited Time Offer

25%

Off

Get Premium PT0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Catalina
11 days ago
I'd say C, but only if the tester has a time machine to go back to 2017. These days, you gotta stay on top of the latest vulnerabilities, am I right?
upvoted 0 times
...
Marguerita
22 days ago
Haha, I bet the tester could try all of them and still end up with a blue screen of death. Windows 7 is like a piñata - just keep swinging until something breaks!
upvoted 0 times
...
Moon
23 days ago
D all the way! Why bother with those complicated SMB exploits when you can just brute-force the SNMP service and get access that way?
upvoted 0 times
...
Serina
30 days ago
B seems like the safer bet here. MS08-067 is a well-known vulnerability that's been around for ages, so it's more likely to work.
upvoted 0 times
Ardella
3 days ago
B: Yeah, it's a reliable choice for gaining shell access on Windows systems.
upvoted 0 times
...
Kate
16 days ago
A: I agree, MS08-067 is a classic exploit that often works.
upvoted 0 times
...
...
Emeline
1 months ago
I'm not sure, but I think psexec could also be a good option to try for shell access.
upvoted 0 times
...
Shayne
1 months ago
I agree with Derick. EternalBlue is a known exploit for Windows systems.
upvoted 0 times
...
Derick
1 months ago
I think the tester should try exploit/windows/smb/ms17_010_eternalblue first.
upvoted 0 times
...
Trina
1 months ago
I'd go with C. The EternalBlue exploit is a classic and often works like a charm on Windows 7 machines.
upvoted 0 times
Corrina
18 days ago
Yes, it's definitely worth a try to gain shell access.
upvoted 0 times
...
Deeanna
19 days ago
I agree, EternalBlue is a powerful exploit for Windows 7.
upvoted 0 times
...
Stephania
22 days ago
A: I agree, EternalBlue is a powerful exploit for Windows 7.
upvoted 0 times
...
...

Save Cancel