
Exam PT0-001 topic 1 question 23 discussion

Actual exam question from CompTIA's PT0-001
Question #: 23
Topic #: 1

A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below:

IP: 192.168.1.20
NETMASK: 255.255.255.0
DEFAULT GATEWAY: 192.168.1.254
DHCP: 192.168.1.253
DNS: 192.168.10.10, 192.168.20.10

Which of the following commands should the malicious user execute to perform the MITM attack?

  • A. arpspoof -c both -r -t 192.168.1.1 192.168.1.20
  • B. arpspoof -t 192.168.1.20 192.168.1.254
  • C. arpspoof -c both -t 192.168.1.20 192.168.1.253
  • D. arpspoof -r -t 192.168.1.253 192.168.1.20
Suggested Answer: B
Reference:
https://www.hackers-arise.com/single-post/2017/07/25/Man-the-Middle-MiTM-Attack-with-ARPspoofing

Comments

mr_robot
Highly Voted 5 years ago
PenTest+ Practice Tests Book - SYBEX B. - A man-in-the-middle attack intercepts a communication between two systems. ARP stands for Address Resolution Protocol, and it allows the network to translate IP addresses into MAC addresses. In this scenario, the attacker wants to perform a man-in-the-middle attack; it is done by performing arpspoof -t <victimIP> <gatewayIP>. The -t switch specifies a particular host to ARP poison.
upvoted 12 times
who__cares123456789___
4 years, 3 months ago
I think this is a typo? Command would be "arpspoof -t 192.168.1.20 -r 192.168.1.254" ??
arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host
-i interface: Specify the interface to use.
-c own|host|both: Specify which hardware address to use when restoring the arp configuration; while cleaning up, packets can be sent with the own address as well as with the address of the host. Sending packets with a fake hw address can disrupt connectivity with certain switch/ap/bridge configurations, however it works more reliably than using the own address, which is the default way arpspoof cleans up afterwards.
-t target: Specify a particular host to ARP poison (if not specified, all hosts on the LAN). Repeat to specify multiple hosts.
-r: Poison both hosts (host and target) to capture traffic in both directions. (only valid in conjunction with -t)
host: Specify the host you wish to intercept packets for (usually the local gateway).
upvoted 1 times
...
...
miabe
Most Recent 2 years, 10 months ago
Selected Answer: B
looks good to me
upvoted 1 times
...
rlelliott
4 years, 3 months ago
In a MITM ArpSpoof attack you must tell the target machine your MAC is for his Default Gateway - "arpspoof -t 192.168.1.20 192.168.1.254" Then you must tell his Default Gateway your MAC address is that of the target machine - "arpspoof -t 192.168.1.254 192.168.1.20" So in actuality you need to issue 2 commands, the correct answer for this question is B arpspoof -t 192.168.1.20 192.168.1.254 which is one of the commands that must be initiated.
upvoted 2 times
...
EZPASS
4 years, 4 months ago
I believe the correct answer is B.
upvoted 1 times
...
[Removed]
4 years, 8 months ago
arpspoof -i eth0 -t victimIP -r DefaultGateway -i is for interface. -t is for target. -r is for default gateway.
upvoted 4 times
...
NoImDirtyDan
4 years, 9 months ago
Correct answer is D. You must use -r to capture traffic in both directions, creating a true MITM.
upvoted 1 times
1_2_B_Anonymous
4 years, 4 months ago
You would want to arpspoof the gateway not the DHCP server. D uses 253 not 254.
upvoted 1 times
...
dyers
4 years ago
Even if you don't intercept traffic in both directions, doesn't mean you're not still the man in the middle.
upvoted 1 times
...
...
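The defender's view of the poisoning discussed in the comments above, as an added example that is not part of the original page or of any commenter's post: a small detector that reads ARP replies and flags a changed IP-to-MAC binding, a mismatch against a known-good gateway binding, and one MAC claiming several IPs (the two-direction case). The log lines are constructed in the style of tcpdump's ARP output, the MAC addresses are invented, and the function name `detect_arp_poisoning` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: ARP replies seen on 192.168.1.0/24 (MAC addresses invented).
SAMPLE = """\
10:00:01 ARP, Reply 192.168.1.254 is-at 00:11:22:aa:bb:01, length 28
10:00:02 ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:20, length 28
10:00:05 ARP, Reply 192.168.1.253 is-at 00:11:22:aa:bb:53, length 28
10:03:10 ARP, Reply 192.168.1.254 is-at 02:de:ad:be:ef:99, length 28
10:03:11 ARP, Reply 192.168.1.20 is-at 02:de:ad:be:ef:99, length 28
10:03:12 ARP, Reply 192.168.1.254 is-at 02:de:ad:be:ef:99, length 28
"""

REPLY = re.compile(
    r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.I,
)

def detect_arp_poisoning(text, trusted=None):
    """Return a list of (time, kind, ip, mac) alerts.

    trusted: optional {ip: mac} of known-good bindings, e.g. the default gateway.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    seen = {}                   # ip -> last MAC observed for it
    claims = defaultdict(set)   # mac -> every IP it has claimed
    alerts = []
    for line in text.splitlines():
        m = REPLY.match(line)
        if not m:
            continue
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        if ip in trusted and mac != trusted[ip]:
            alerts.append((ts, "trusted-mismatch", ip, mac))
        elif ip in seen and seen[ip] != mac:
            alerts.append((ts, "binding-changed", ip, mac))
        claims[mac].add(ip)
        # Alert once per newly claimed IP, not on every repeated reply.
        if len(claims[mac]) > 1 and seen.get(ip) != mac:
            alerts.append((ts, "mac-claims-multiple-ips", ip, mac))
        seen[ip] = mac
    return alerts

if __name__ == "__main__":
    gateway = {"192.168.1.254": "00:11:22:aa:bb:01"}
    for alert in detect_arp_poisoning(SAMPLE, trusted=gateway):
        print(*alert)
```

A single MAC answering for several IPs also occurs legitimately (proxy ARP, multi-homed hosts), so that alert is a lead to check against the trusted bindings rather than proof on its own.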