During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network. Which of the following tools could be used to impersonate network resources and collect authentication requests?
PenTest+ Practice Tests Book
C. - In this scenario, the question specifically states “name resolution requests.” In this case, Responder is the best choice. Responder is a toolkit used to answer NetBIOS queries from Windows systems on a network. Tcpdump is a type of packet analyzer software utility that monitors and logs TCP/IP traffic passing between a network and the computer on which it is executed. Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. Medusa is a brute-force login attack tool that supports a variety of protocols and services.
Man-in-the-Middle Attack: The man-in-the-middle attack (abbreviated MITM, MitM, MIM, MiM, MITMA) is a form of active attack where an attacker makes a connection between the victims and sends messages between them. Thus, victims think they are talking directly to each other, but actually an attacker controls it. In this scenario, an attacker has been successful when it can impersonate a user. On the other hand, a third person between you and the person with whom you are communicating exists and he can control and monitor your traffic. Fortunately, some protocols can prevent it, like SSL. A hacker can use the below software to implement this attack:
Cain and Abel / Subterfuge / Ettercap / AirJack
took this line in the question as a reference to Responder since it does multiple protocols.. just a thought
"""several multicast and broadcast name resolution requests are observed traversing the network."""
Responder is a NetBIOS Name Spoofing (NBNS) and Link-Local Multicast Name
Resolution (LLMNR) spoofing tool that can capture authentication attempts to a file.
Maybe: A. Ettercap?
Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections and content filtering on the fly. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
Responder seems like a different sort of thing. Responder is a toolkit that is used to answer NetBIOS queries. There is no indication that NetBIOS is being used here.
The indication for NetBIOS being used is the "name resolution requests".
upvoted 2 times
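An added example (not part of the thread or the practice-test book) showing how a defender can pick out the multicast and broadcast name resolution requests the question describes, LLMNR queries to 224.0.0.252 or ff02::1:3 on UDP 5355 and NBT-NS broadcasts on UDP 137, and decode the names being asked for. The function names and sample datagrams are constructed for illustration, and the broadcast check assumes /24 subnets.

```python
import struct
from collections import Counter

LLMNR_GROUPS = {"224.0.0.252", "ff02::1:3"}   # LLMNR multicast groups, UDP 5355

def llmnr_name(p):
    """Decode the first question name (DNS-style length-prefixed labels)."""
    labels, i = [], 12                 # question starts after the 12-byte header
    while p[i]:                        # IndexError if the terminator is missing
        n = p[i]
        if n > 63:
            raise ValueError("not a plain label")
        labels.append(p[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels)

def nbns_name(p):
    """Undo NetBIOS first-level encoding: two letters 'A'..'P' per name byte."""
    enc = p[13:45]
    if len(enc) != 32 or p[12] != 0x20 or not all(0x41 <= b <= 0x50 for b in enc):
        raise ValueError("not an encoded NetBIOS name")
    raw = bytes((enc[i] - 0x41) << 4 | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip()   # byte 16 is the type suffix

def classify(dst_ip, dst_port, payload):
    """Return (protocol, name) for an LLMNR or NBT-NS query, else None."""
    try:
        flags, qdcount = struct.unpack("!HH", payload[2:6])
        if flags & 0x8000 or qdcount < 1:      # QR bit set means a response
            return None
        if dst_port == 5355 and dst_ip in LLMNR_GROUPS:
            return ("LLMNR", llmnr_name(payload))
        # Assumption: /24 subnets, so the broadcast address ends in .255
        if dst_port == 137 and dst_ip.endswith(".255"):
            return ("NBT-NS", nbns_name(payload))
    except (ValueError, IndexError, struct.error):   # truncated or malformed
        pass
    return None

def fallback_names(packets):
    """Count names that hosts tried to resolve by multicast or broadcast."""
    return Counter(hit for hit in (classify(*pkt) for pkt in packets) if hit)

# Constructed sample datagrams (not captured traffic)
LLMNR_Q = bytes.fromhex("1a2b00000001000000000000") + b"\x08fileserv\x00\x00\x01\x00\x01"
ENC = bytes(0x41 + n for c in b"PRINTSRV".ljust(15) + b"\x00" for n in (c >> 4, c & 15))
NBNS_Q = bytes.fromhex("800101100001000000000000") + b"\x20" + ENC + b"\x00\x00\x20\x00\x01"
SAMPLE = [("224.0.0.252", 5355, LLMNR_Q), ("10.0.0.255", 137, NBNS_Q),
          ("10.0.0.53", 53, LLMNR_Q), ("224.0.0.252", 5355, LLMNR_Q)]
```

Names counted by `fallback_names(SAMPLE)` are lookups that fell back from DNS to LLMNR or NBT-NS. Fixing those records, or disabling LLMNR and NetBIOS over TCP/IP on clients, removes the requests a spoofing tool would answer.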