ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-001 All Questions

View all questions & answers for the PT0-001 exam
Go to Exam

Exam PT0-001 topic 1 question 196 discussion

Actual exam question from CompTIA's PT0-001
Question #: 196
Topic #: 1
[All PT0-001 Questions]

A penetration tester is performing a remote internal penetration test by connecting to the testing system from the Internet via a reverse SSH tunnel. The testing system has been placed on a general user subnet with an IP address of 192.168.1.13 and a gateway of 192.168.1.1. Immediately after running the command below, the penetration tester's SSH connection to the testing platform drops:

Which of the following ettercap commands should the penetration tester use in the future to perform ARP spoofing while maintaining a reliable connection?

  • A. # sudo ettercap ג€"Tq ג€"w output.cap ג€"M ARP /192.168.1.0/ /192.168.1.255/
  • B. # proxychains ettercap ג€"Tq ג€"w output.cap ג€"M ARP /192.168.1.13/ /192.168.1.1/
  • C. # ettercap ג€"Tq ג€"w output.cap ג€"M ARP 00:00:00:00:00:00//80 FF:FF:FF:FF:FF:FF//80
  • D. # ettercap ג€"ג€"safe-mode ג€"Tq ג€"w output.cap ג€"M ARP /192.168.1.2ג€"255/ /192.168.1.13/
  • E. # ettercap ג€"Tq ג€"w output.cap ג€"M ARP /192.168.1.2ג€"12;192.168.1.14ג€"255/ /192.168.1.1/
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by DrChats at July 7, 2021, 2:44 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
versun
Highly Voted 3 years, 10 months ago
Sorry,A is Wrong! Correct answer is E. Because we need exclude 192.168.1.13
upvoted 5 times
versun
3 years, 10 months ago
https://linux.die.net/man/8/ettercap
upvoted 1 times
...
versun
3 years, 10 months ago
format option: A. # sudo ettercap –Tq –w output.cap –M ARP /192.168.1.0/ /192.168.1.255/ B. # proxychains ettercap –Tq –w output.cap –M ARP /192.168.1.13/ /192.168.1.1/ C. # ettercap –Tq –w output.cap –M ARP 00:00:00:00:00:00//80 FF:FF:FF:FF:FF:FF//80 D. # ettercap ––safe-mode –Tq –w output.cap –M ARP /192.168.1.2–255/ /192.168.1.13/ E. # ettercap –Tq –w output.cap –M ARP /192.168.1.2–12;192.168.1.14–255/ /192.168.1.1/
upvoted 9 times
...
...
miabe
Most Recent 2 years, 9 months ago
Selected Answer: E
ettercap –Tq –w output.cap –M ARP /192.168.1.2–12;192.168.1.14–255/ /192.168.1.1/
upvoted 1 times
...
Cock
3 years, 2 months ago
It was on the exam
upvoted 2 times
...
mirko1976
3 years, 7 months ago
I think E is the write answer (https://linux.die.net/man/8/ettercap --> arp) The parameter "oneway" will force ettercap to poison only from TARGET1 to TARGET2. Useful if you want to poison only the client and not the router (where an arp watcher can be in place). Example: the targets are: /10.0.0.1-5/ /10.0.0.15-20/ and the host list is: 10.0.0.1 10.0.0.3 10.0.0.16 10.0.0.18 the associations between the victims will be: 1 and 16, 1 and 18, 3 and 16, 3 and 18 if the targets overlap each other, the association with identical ip address will be skipped. NOTE: if you manage to poison a client, you have to set correct routing table in the kernel specifying the GW. If your routing table is incorrect, the poisoned clients will not be able to navigate the Internet.
upvoted 3 times
...
liledag
3 years, 9 months ago
the answer is E
upvoted 3 times
...
DrChats
3 years, 10 months ago
Any ideas guys
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago