Exam SY0-601 topic 1 question 419 discussion

Actual exam question from CompTIA's SY0-601
Question #: 419
Topic #: 1

During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:

crackmapexec smb 192.168.10.232 -u localadmin -H 0A3CE8D07A46E5C51070F03593E0A5E6

Which of the following attacks occurred?

  • A. Buffer overflow
  • B. Pass the hash
  • C. SQL injection
  • D. Replay attack
Suggested Answer: B

Comments

ApplebeesWaiter1122
Highly Voted 2 years, 1 month ago
Selected Answer: B
The command "crackmapexec smb" is used to perform password attacks against SMB protocol, which is used for file and printer sharing on Windows-based networks. The "-u" option specifies the username, while the "-H" option specifies the password hash. Therefore, the command is attempting to use a password hash to authenticate as the local administrator on the host with IP address 192.168.10.232. Based on this, the attack that occurred is Pass the Hash. This attack technique involves stealing password hashes from compromised machines and using them to authenticate to other machines on the network without knowing the actual passwords.
upvoted 27 times
JarnBarn
1 year, 6 months ago
AppleBebebebebe
upvoted 6 times
...
...
LordJaraxxus
Most Recent 1 year, 3 months ago
Selected Answer: B
Passing-the-Hash
CME supports authenticating via SMB using Passing-The-Hash attacks with the -H flag:
crackmapexec smb <target(s)> -u username -H LMHASH:NTHASH
crackmapexec smb <target(s)> -u username -H NTHASH
upvoted 1 times
...
ganymede
1 year, 6 months ago
Selected Answer: B
B. Pass the hash
crackmapexec can run a pass the hash attack. From the man page:
-H HASH [HASH ...], --hash HASH [HASH ...]
upvoted 1 times
...
chocopiess
2 years, 1 month ago
Selected Answer: B
The command "crackmapexec smb 192.168.10.232 -u localadmin -H 0A3CE8D07A46E5C51070F03593E0A5E6" is attempting to use a stolen hash to access the SMB service on a host with IP address 192.168.10.232.
upvoted 2 times
...
fouserd
2 years, 1 month ago
Selected Answer: B
Pass The Hash is correct.
upvoted 1 times
...
mouettespaghetti
2 years, 1 month ago
B is correct. The command crackmapexec smb is a tool used to perform attacks against SMB (Server Message Block) services running on Windows operating systems. The -u flag specifies a user account to use for authentication, and the -H flag specifies a password hash. In this case, the attacker used a password hash to authenticate as the localadmin user, without actually knowing the password. This technique is called Pass the Hash and is often used by attackers to escalate privileges or move laterally within a network.
upvoted 4 times
...
jskiff1
2 years, 1 month ago
B. Pass the Hash
upvoted 1 times
...
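Added example, not part of any comment above: a small triage script an analyst could run over recovered shell history or process command-line logs to flag crackmapexec invocations that authenticate with a hash, using the -H/--hash forms quoted in the thread. The names find_pass_the_hash, scan and SAMPLE are hypothetical, the sample lines are constructed (only the first is the command from the question), and the -p password option in the last line is crackmapexec's own option but does not appear on this page.

```python
import re
import shlex

# -H/--hash takes NTHASH or LMHASH:NTHASH (32 hex chars each), per the thread.
HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}:)?[0-9a-fA-F]{32}$")
HASH_FLAGS = ("-H", "--hash")

def find_pass_the_hash(command_line):
    """Return a finding for a crackmapexec call that authenticates with a
    hash, or None. The hash value itself is deliberately not returned."""
    try:
        argv = shlex.split(command_line)
    except ValueError:  # unbalanced quote in a damaged history line
        argv = command_line.split()
    # The tool may sit behind sudo or a full path, so search the whole line.
    start = next((i for i, a in enumerate(argv)
                  if a.rsplit("/", 1)[-1] == "crackmapexec"), None)
    if start is None:
        return None
    positional, options, current = [], {}, None
    for arg in argv[start + 1:]:
        if arg.startswith("-"):
            current = arg
            options.setdefault(current, [])
        elif current is None:
            positional.append(arg)        # protocol, then target(s)
        else:
            options[current].append(arg)  # option values; -H may take several
    hashes = [h for f in HASH_FLAGS for h in options.get(f, []) if HASH_RE.match(h)]
    if not hashes:
        return None
    return {"protocol": positional[0] if positional else None,
            "targets": positional[1:],
            "users": options.get("-u", []),
            "hash_formats": ["LM:NT" if ":" in h else "NT" for h in hashes]}

def scan(lines):
    """Return (line_number, finding) for every matching line."""
    hits = ((n, find_pass_the_hash(l)) for n, l in enumerate(lines, 1))
    return [(n, f) for n, f in hits if f]

# Constructed sample history; only the first line is the command from the question.
SAMPLE = [
    "crackmapexec smb 192.168.10.232 -u localadmin -H 0A3CE8D07A46E5C51070F03593E0A5E6",
    "ls -la /tmp",
    "sudo /usr/bin/crackmapexec smb 192.0.2.10 -u svc -H 00112233445566778899aabbccddeeff:ffeeddccbbaa99887766554433221100",
    "crackmapexec smb 192.0.2.10 -u svc -p 'Example Pass'",
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE):
        print(lineno, finding)
```

A value after -H that is not hash-shaped (for example a file name) is not flagged by this sketch, so treat a clean result as "no inline hash seen", not as proof that no hash was used.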