In a physical penetration testing scenario, the penetration tester obtains physical access to a laptop. The laptop is logged in but locked. Which of the following is a potential NEXT step to extract credentials from the device?
A. Brute force the user's password.
B. Perform an ARP spoofing attack.
C. Leverage the BeEF framework to capture credentials.
D. Conduct LLMNR/NETBIOS-ns poisoning.
Well ... not 100% clear ...
C. BeEF is out of scope because you can't make the machine visit a website.
A. Also seems not true, because if I get a running system into my hands I want to make the most out of it ... Imagine you shut it down and the hard drive is encrypted ...
On the other hand, typing in password guesses by hand won't be that great.
Which leaves us with B and D.
ARP spoofing only makes sense if you do a MITM attack, so you would need to connect, for example, your laptop in between the device and the corporate network.
But the question says nothing about the network.
So I think the question goes for LLMNR poisoning with something like Responder, which can be implemented even on a Raspberry Pi Zero which emulates a NIC when you plug it in via USB.
And when you do an ARP spoof with no network on the other end you need to emulate DNS ... well, all doable with Impacket and other tools but out of the PenTest+ scope ...
So the odds for D are very, very high ;)
A. Brute force the user's password. - If BitLocker is not enabled, we might boot a live OS and brute force the password with rainbow tables. Still not sure the laptop BIOS would let us boot our OS.
C. Leverage the BeEF framework to capture credentials. - BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
So, what can we do with a locked Windows? Simply change the network connection, for example, connecting to an evil twin, therefore using a MITM attack. I'd say the key word in this question is 'laptop', which implies a wifi connection.
Then, I'd quickly connect the laptop to a wifi AP I set up, and I'd discover the laptop MAC address. This is silly because I can sniff wifi traffic, so I'd know the MAC address and I'd perform an ARP attack.
B. Perform an ARP spoofing attack.
So, I'd go for D and the MITM theory.
D. Conduct LLMNR/NETBIOS-ns poisoning.
(anyway, in an Active Directory environment, in theory, changing/managing wifi might be disabled by Group Policies)
Once more, this is not 100% the right answer, thanks to CompTIA's brightest minds working together behind PenTest+ questions.
I think what we are missing here is that the device is already logged in. With that in mind, we should just be able to sniff the existing connection, right?
Try it for yourself: lock your Windows, and when asked for user/pass just click on the wifi icon and connect to the AP of your choice. Imagine that you have your laptop and you need to connect to a corporate wifi in order to use your AD creds.
Brute forcing the system will lock it out and cause suspicion. But if you MITM the system and wait for the user to authenticate, the system will send out a user/hash that can be used to either replay or brute force offline.
If I have physical access, I can - possibly - reboot the system to a CD-ROM or thumb drive with John the Ripper on it. Using that I can gain the user's local credentials. I have actually done this for users that forgot their passwords.
PenTest+ Practice Tests Book - SYBEX
D. - Link Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NetBIOS-NS) poisoning can provide penetration testers with the ability to obtain a man-in-the-middle position, broadening their ability to gain access and information. One of the most commonly targeted services in a Windows network is NetBIOS. NetBIOS is commonly used for file sharing.
"A" seems to make sense. But according to Sybex CompTIA PenTest+ Practice Test - Chapter 3 Question 190: the answer is "D".
upvoted 2 times
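An added example for the defender's side of the LLMNR/NBT-NS poisoning this thread settles on (not code from the thread, from Responder, or from the Sybex book): a Python canary probe that sends an LLMNR query for a random name nobody owns and records any host that answers it, since a legitimate host only answers for its own name. The multicast group and port are the ones RFC 4795 specifies; the function names, the canary label and the sample packets used to check it are assumptions I constructed.

```python
import secrets, socket, struct

LLMNR_GROUP, LLMNR_PORT = "224.0.0.252", 5355  # multicast group and port from RFC 4795

def build_query(name: str, txid: int) -> bytes:
    # LLMNR reuses the DNS wire format: 12-byte header, then QNAME as length-prefixed labels.
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags=0 (query), QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def _skip_name(data: bytes, off: int) -> int:
    # A name is either a 2-byte compression pointer (top two bits set) or labels ending in 0x00.
    if data[off] & 0xC0 == 0xC0:
        return off + 2
    while data[off]:
        off += data[off] + 1
    return off + 1

def parse_response(data: bytes):
    # Return (txid, [IPv4 answers]) for an LLMNR response; None for queries or short packets.
    if len(data) < 12 or not struct.unpack("!H", data[2:4])[0] & 0x8000:
        return None  # QR bit clear means this is somebody else's query, not an answer
    txid, _, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return txid, answers

def probe_for_poisoner(timeout: float = 2.0):
    # Ask for a random name nobody owns; any answer means a host is claiming names it does not hold.
    canary, txid, hits = "canary-" + secrets.token_hex(4), secrets.randbelow(0x10000), []
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(build_query(canary, txid), (LLMNR_GROUP, LLMNR_PORT))
    while True:
        try:
            data, (src, _) = sock.recvfrom(512)
        except socket.timeout:
            return canary, hits  # empty hits: nothing on the segment answered the canary
        parsed = parse_response(data)
        if parsed and parsed[0] == txid:
            hits.append((src, parsed[1]))  # record the responder and the address it offered
```

Run `probe_for_poisoner()` on the segment you are checking; a non-empty result names the host that answered a name it cannot own, which is the behaviour to investigate (and the reason to disable LLMNR and NBT-NS via Group Policy where they are not needed).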
Community vote distribution: A (35%), C (25%), B (20%), Other