
Exam PT0-001 topic 1 question 71 discussion

Actual exam question from CompTIA's PT0-001
Question #: 71
Topic #: 1

During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts to crack the hash and recover the plaintext password have been unsuccessful.
Which of the following would be the BEST target for continued exploitation efforts?

  • A. Operating system: Windows 7 Open ports: 23, 161
  • B. Operating system: Windows Server 2016 Open ports: 53, 5900
  • C. Operating system: Windows 8.1 Open ports: 445, 3389
  • D. Operating system: Windows 8 Open ports: 514, 3389
Suggested Answer: C

Comments

D1960
Highly Voted 5 years, 3 months ago
For those not familiar with CompTIA: CompTIA loves, loves, *LOVES* questions about ports. You find such questions on the A+, Net+, Sec+, Linux+, CSA+, and CASP, among others.
Port - Service
23 - telnet
53 - DNS
161 - SNMP
445 - SMB
514 - Remote Shell
3389 - RDP/WBT - Windows Based Terminal
5900 - VNC/RFB - Virtual Network Computer
Port 445 can be hijacked, and is vulnerable to many kinds of attacks.
upvoted 9 times
mr_robot
5 years, 2 months ago
I would agree with you on this one. "Port 445 is vulnerable to attacks, exploits and malware". https://www.senki.org/operators-security-toolkit/filtering-exploitable-ports-and-minimizing-risk-to-and-from-your-customers/ https://www.grc.com/port_445.htm
upvoted 2 times
D1960
Highly Voted 5 years ago
Completing a pass-the-hash attack seems to usually involve port 445. Try searching "pass-the-hash port 445" without quotes. For example: "All you need is a password hash to a system that has SMB file sharing open (port 445)" http://colesec.inventedtheinternet.com/hacking-windows-passwords-with-pass-the-hash/
upvoted 5 times
miabe
Most Recent 2 years, 11 months ago
Selected Answer: C
looks good to me
upvoted 1 times
Cock
3 years, 3 months ago
It was on the exam
upvoted 1 times
CapCrunch
3 years, 11 months ago
Most likely C. "NTLM over a Server Message Block (SMB) transport is a common use of NTLM authentication and encryption. Although KILE is the preferred authentication method of an SMB session as described in section 1, when a client attempts to authenticate to an SMB server using the KILE protocol and fails, it can attempt to authenticate with NTLM." Source: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/c083583f-1a8f-4afe-a742-6ee08ffeb8cf
upvoted 1 times
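The two comments above (D1960's point that pass-the-hash normally rides SMB on port 445, and CapCrunch's note that SMB clients fall back from Kerberos to NTLM) both suggest what a defender should be watching for: NTLM network logons by a privileged account that fan out across several hosts. The script below is an added example, not from the exam page, CompTIA, or any commenter. The field names mirror Windows Security event 4624 (TargetUserName, LogonType, AuthenticationPackageName, LogonProcessName, IpAddress), but the event records, host names, account names and the fan-out threshold of two hosts are all constructed assumptions for illustration.

```python
"""Flag NTLM network logons that look like pass-the-hash lateral movement.

Added example (not from the exam page or CompTIA). Records are constructed to
resemble Windows Security event 4624/4625 fields exported as JSON lines.
"""
from collections import defaultdict
import json

# Constructed sample telemetry: one normal Kerberos logon, a privileged account
# authenticating with NTLM to three different hosts from one source address,
# a failed NTLM attempt (4625), an interactive console logon, and an
# unprivileged NTLM logon for contrast.
SAMPLE_EVENTS = """
{"EventID": 4624, "Computer": "WS-FIN-01", "TargetUserName": "jsmith", "LogonType": 3, "AuthenticationPackageName": "Kerberos", "LogonProcessName": "Kerberos", "IpAddress": "10.0.5.20"}
{"EventID": 4624, "Computer": "WS-HR-07", "TargetUserName": "svc_admin", "LogonType": 3, "AuthenticationPackageName": "NTLM", "LogonProcessName": "NtLmSsp", "IpAddress": "10.0.5.99"}
{"EventID": 4624, "Computer": "WS-HR-08", "TargetUserName": "svc_admin", "LogonType": 3, "AuthenticationPackageName": "NTLM", "LogonProcessName": "NtLmSsp", "IpAddress": "10.0.5.99"}
{"EventID": 4624, "Computer": "SRV-FILE-02", "TargetUserName": "svc_admin", "LogonType": 3, "AuthenticationPackageName": "NTLM", "LogonProcessName": "NtLmSsp", "IpAddress": "10.0.5.99"}
{"EventID": 4624, "Computer": "WS-FIN-01", "TargetUserName": "jsmith", "LogonType": 2, "AuthenticationPackageName": "Negotiate", "LogonProcessName": "User32", "IpAddress": "-"}
{"EventID": 4625, "Computer": "WS-HR-07", "TargetUserName": "svc_admin", "LogonType": 3, "AuthenticationPackageName": "NTLM", "LogonProcessName": "NtLmSsp", "IpAddress": "10.0.5.99"}
{"EventID": 4624, "Computer": "WS-OPS-03", "TargetUserName": "bjones", "LogonType": 3, "AuthenticationPackageName": "NTLM", "LogonProcessName": "NtLmSsp", "IpAddress": "10.0.7.14"}
"""

# Constructed list of accounts known to hold admin rights on many systems.
ADMIN_ACCOUNTS = {"svc_admin"}


def parse_events(text):
    """Parse JSON-lines telemetry into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def is_ntlm_network_logon(ev):
    """Successful (4624) network logon (type 3) authenticated with NTLM.

    This is the shape a pass-the-hash logon over SMB/445 takes: no Kerberos
    ticket, just an NTLM exchange driven by the stolen hash.
    """
    return (ev.get("EventID") == 4624
            and ev.get("LogonType") == 3
            and ev.get("AuthenticationPackageName") == "NTLM")


def ntlm_logon_summary(events):
    """Count NTLM network logons per account, regardless of privilege.

    Useful for spotting Kerberos-to-NTLM fallback that should not be happening
    in a domain where Kerberos is expected.
    """
    counts = defaultdict(int)
    for ev in events:
        if is_ntlm_network_logon(ev):
            counts[ev["TargetUserName"]] += 1
    return dict(counts)


def find_pth_candidates(events, admin_accounts=ADMIN_ACCOUNTS, fanout_threshold=2):
    """Return {(source_ip, account): [target hosts]} for privileged accounts
    whose NTLM network logons from one source reach >= fanout_threshold hosts.

    Fan-out from a single source is the lateral-movement signal; a single
    NTLM logon by an admin is usually noise.
    """
    targets = defaultdict(set)
    for ev in events:
        if not is_ntlm_network_logon(ev):
            continue
        if ev["TargetUserName"] not in admin_accounts:
            continue
        targets[(ev["IpAddress"], ev["TargetUserName"])].add(ev["Computer"])
    return {key: sorted(hosts) for key, hosts in targets.items()
            if len(hosts) >= fanout_threshold}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("NTLM network logons per account:", ntlm_logon_summary(evs))
    for (src, user), hosts in find_pth_candidates(evs).items():
        print(f"possible pass-the-hash: {user} from {src} -> {', '.join(hosts)}")
```

On the constructed sample the failed 4625 attempt and the interactive console logon are ignored, bjones shows up only in the per-account NTLM summary, and svc_admin from 10.0.5.99 is reported against all three hosts it reached. In a real environment the admin list and threshold would come from inventory and baselining rather than constants.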
FluffyJohnson
4 years, 1 month ago
C.) Just ask all the victims when WannaCry hit.
upvoted 4 times
Da_MatriX
5 years, 1 month ago
I have no sources but A would be my real world option. Oldest OS with two UDP ports open. I'd grab this low hanging fruit first and look to pivot to another system.
upvoted 2 times
D1960
5 years, 1 month ago
You may be right. Port 23 is telnet, which is an insecure service. On the other hand: since the password could not be cracked, this might require a pass-the-hash attack. Can such an attack be done on a workstation? Or are such attacks only for servers?
upvoted 1 times
D1960
5 years, 1 month ago
According to this site: "Pass the hash is a technique that allows an attacker to authenticate to a remote **server** using the LM and/or NTLM hash of a user’s password, eliminating the need to crack/brute-force the hashes to obtain the clear text password (which is normally used to authenticate)." https://latesthackingnews.com/2017/08/22/what-is-pass-the-hash-attack/ Is pass-the-hash only for servers?
upvoted 2 times
mr_robot
5 years, 1 month ago
Looks like you can pass-the-hash even on Windows 10 workstations: https://www.sans.org/reading-room/whitepapers/testing/pass-the-hash-windows-10-39170 I still believe port 445 is commonly used by pass-the-hash attacks: https://isc.sans.edu/forums/diary/Pass+the+hash/19479/ https://null-byte.wonderhowto.com/how-to/perform-pass-hash-attack-get-system-access-windows-0196077/ http://www.lifeoverpentest.com/2017/09/pass-hash-2-passing-hash.html
upvoted 1 times
mr_robot
5 years ago
Found this article that states that pass-the-hash attacks on RDP (3389) sessions only work on Windows 2012 R2 and Windows 8.1: https://www.kali.org/penetration-testing/passing-hash-remote-desktop/
upvoted 1 times
pr0xyguy
3 years, 2 months ago
Also, Win 7 is not supported with security patches anymore.
upvoted 1 times
D1960
5 years, 2 months ago
Having thought about this, I wonder if the answer could be B (Operating system: Windows Server 2016, Open ports: 53, 5900). This is the only answer where the OS is a server. Having full admin rights on a server would be most useful.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), other