A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
A. Run nmap with the -O, -p22, and -sC options set against the target.
B. Run nmap with the -sV and -p22 options set against the target.
C. Run nmap with the --script vulners option set against the target.
D. Run nmap with the -sA option set against the target.
The correct answer is C. Run nmap with the --script vulners option set against the target. The --script vulners option will scan the target for vulnerabilities associated with Common Vulnerabilities and Exposures (CVEs). It can be used to identify potential CVEs that can be leveraged to gain execution on the Linux server.
Example: nmap --script vulners -p 22 10.1.1.1
The other choices are incorrect because they do not include the --script vulners option, which is necessary to identify CVEs. Option A includes the -O and -sC options, which can be used to identify the operating system and services running on the target; however, it does not include the --script vulners option. Option B includes the -sV and -p22 options, which can be used to identify the service versions running on the target and the port number; however, it does not include the --script vulners option. Option D includes the -sA option, which can be used to perform an ACK scan; however, it does not include the --script vulners option.
I always like to find corroborating data from external searches, especially when the answers are so divided. Out of your and GitHub's mouths, almost verbatim.
To identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running, the penetration tester should use Nmap with the -sV and -p22 options set against the target.
The -sV option tells Nmap to perform service version detection, which can identify the version of the SSH service running on the target. The -p22 option tells Nmap to scan only port 22, which is the default port for SSH.
By using these options, the penetration tester can identify the SSH version running on the target, which can be cross-referenced against known vulnerabilities in the National Vulnerability Database (NVD) or other sources.
Therefore, the correct answer is B. Run nmap with the -sV and -p22 options set against the target.
In the context of identifying Common Vulnerabilities and Exposures (CVEs) that can be leveraged against a specific service, you would typically want to identify the version of the service running and then search for known vulnerabilities associated with that version.
Nmap offers several options for scanning, and among the choices presented, the option that would be best for identifying the version of the SSH daemon (SSHD) running on the target, and then cross-referencing known vulnerabilities, would be:
C. Run nmap with the `--script vulners` option set against the target.
This option would leverage the "vulners" NSE script to query the Vulners CVE Database and provide information about known vulnerabilities for the identified versions of services running on the target.
So the correct answer to this question is:
C. Run nmap with the `--script vulners` option set against the target.
CORRECT ANSWER = Option C
Option C, utilizing the Vulners script, directly targets CVEs associated with the services running on the target. This script is tailored to identify known vulnerabilities, which may not necessarily rely solely on the version of the service. It searches for vulnerabilities based on various parameters, such as service banners, responses, and other characteristics, providing a more comprehensive approach.
Option A focuses on general reconnaissance, including determining the operating system and version of services. While knowing the service version can be valuable for understanding potential vulnerabilities, it doesn't guarantee the identification of specific CVEs. Also, in the context of SSH, many vulnerabilities are not version-specific but are instead based on configuration issues, authentication mechanisms, or other factors.
C. Run nmap with the --script vulners option set against the target.
Explanation:
Using Nmap with the --script vulners option will leverage the vulners script, which checks for vulnerabilities on the target system based on the services running and their versions. This script will directly provide information about known vulnerabilities (CVEs) related to the detected services, including SSH.
The only one answer valid is C because:
not A: -O identifies the operating system and -sC executes the DEFAULT scripts, not specified scripts. The default scripts do not include anything that directly identifies CVEs.
not B: -sV is used to identify the version of the services.
not D: -sA is used to perform an ACK scan, useful to determine the firewall status, but not useful to identify CVEs.
This option specifically uses the "vulners" script which is designed to identify common vulnerabilities in various services, including SSH.
It's the most focused and effective option for finding exploitable CVEs.
I just put this question into ChatGPT and this was the output:
To identify CVEs that can be leveraged to gain execution on a Linux server running SSHD, the best option among the given choices is:
C. Run nmap with the --script vulners option set against the target.
Explanation:
Nmap is a network scanning tool that can be used to identify open ports and services on a target system.
The --script vulners option in Nmap is used to scan for known vulnerabilities (CVEs) in the target system by using the Vulners NSE script.
Vulners is a script that searches for known vulnerabilities in the National Vulnerability Database (NVD) and other sources.
Using this script helps identify vulnerabilities related to SSHD or any other services running on the target system, which can be leveraged for gaining unauthorized access or execution.
Options A and B do not specifically focus on identifying vulnerabilities or CVEs related to SSHD. Option D (-sA) is used for identifying hosts that are alive, but it is not specifically designed for vulnerability scanning or identification.
The answer is C
C. Run nmap with the --script vulners option set against the target.
The --script vulners option will run Nmap's Vulners script, which enumerates vulnerabilities associated with open ports and services identified during scanning. This would help the penetration tester identify potential CVEs related to the SSH service that could be leveraged to gain execution.
Options A and B would scan and enumerate versions but not correlate to CVEs. Option D (-sA) is not particularly useful here as it does a TCP ACK scan which is less common for initial enumeration.
--script vulners cannot be the right answer due to the fact that the argument -sV is missing, so the scan will not get any valid results.
Don't forget to pass the "-sV" argument while using NSE scripts. Nmap-vulners will be unable to access the Vulners exploit database if it does not receive any version information from Nmap. So, the -sV parameter is required all the time.
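Putting the thread's two points together, the vulners lookup from the first reply and the -sV requirement from the last two, as an added example (not code from this thread, from Nmap or from the Vulners project): the script below builds the scan command with -sV included, parses the -oX XML report, and triages the findings. Assumptions that are not on the page: a local nmap binary, and a report in which the <script id="vulners"> element carries one <table> per CPE whose rows hold 'id', 'cvss', 'type' and 'is_exploit' elements (the structured form of the script's output). The sample report embedded below is constructed for this example; its rows are illustrative and should be re-checked against the database before anyone relies on them.

```python
"""Scan an SSH port with Nmap version detection plus the vulners NSE script
and triage the structured result.  Added example; see the lead-in for the
assumptions about the report layout, which come from the script's structured
output rather than from the thread above."""
import subprocess
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Finding:
    cpe: str         # CPE the lookup was keyed on (produced by -sV)
    vuln_id: str     # CVE-..., EDB-ID:..., etc.
    cvss: float
    kind: str        # 'cve', 'exploitdb', ... as reported by vulners
    is_exploit: bool


def build_scan_cmd(target: str, port: int = 22) -> List[str]:
    """Argument vector for the scan.  -sV is not optional: vulners looks
    vulnerabilities up by the CPE that version detection produces, so
    without it the script has no key to query and reports nothing."""
    return ["nmap", "-sV", "-p", str(port), "--script", "vulners",
            "-oX", "-", target]


def run_scan(target: str, port: int = 22) -> str:
    """Run the scan and return the XML report (needs nmap on PATH)."""
    return subprocess.run(build_scan_cmd(target, port), check=True,
                          capture_output=True, text=True).stdout


def detected_versions(xml_text: str) -> List[Dict]:
    """Product, version and CPE list per port, exactly as -sV reported them."""
    out = []
    for port in ET.fromstring(xml_text).iter("port"):
        svc = port.find("service")
        if svc is None:
            continue
        out.append({
            "port": int(port.get("portid")),
            "product": svc.get("product", ""),
            "version": svc.get("version", ""),
            "cpes": [c.text for c in svc.findall("cpe") if c.text],
        })
    return out


def vulners_findings(xml_text: str) -> List[Finding]:
    """Flatten the vulners script tables (one per CPE) into Finding records."""
    found = []
    for script in ET.fromstring(xml_text).iter("script"):
        if script.get("id") != "vulners":
            continue
        for cpe_table in script.findall("table"):
            for row in cpe_table.findall("table"):
                cells = {e.get("key"): (e.text or "") for e in row.findall("elem")}
                found.append(Finding(
                    cpe=cpe_table.get("key", ""),
                    vuln_id=cells.get("id", ""),
                    cvss=float(cells.get("cvss") or 0.0),
                    kind=cells.get("type", ""),
                    is_exploit=cells.get("is_exploit", "false").lower() == "true",
                ))
    return found


def triage(findings: List[Finding], min_cvss: float = 5.0) -> List[Finding]:
    """Entries with a public exploit first, then by CVSS descending.  A high
    score is a candidate for execution, not proof: the advisory text and the
    target's actual patch level still have to be checked by hand."""
    keep = [f for f in findings if f.cvss >= min_cvss]
    return sorted(keep, key=lambda f: (not f.is_exploit, -f.cvss, f.vuln_id))


def no_version_warning(xml_text: str) -> Optional[str]:
    """Explain an empty vulners result: with no CPE from version detection
    there was nothing to query, which is what an -sV-less scan looks like."""
    if not any(s["cpes"] for s in detected_versions(xml_text)):
        return "no CPE from version detection; rerun with -sV"
    return None


# Constructed sample report (not real scan output); scores are illustrative.
SAMPLE_REPORT = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
<host><address addr="10.1.1.1" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/>
<service name="ssh" product="OpenSSH" version="7.4" extrainfo="protocol 2.0">
<cpe>cpe:/a:openbsd:openssh:7.4</cpe></service>
<script id="vulners" output="">
<table key="cpe:/a:openbsd:openssh:7.4">
<table><elem key="id">CVE-2020-15778</elem><elem key="cvss">6.8</elem>
<elem key="type">cve</elem><elem key="is_exploit">false</elem></table>
<table><elem key="id">CVE-2018-15473</elem><elem key="cvss">5.0</elem>
<elem key="type">cve</elem><elem key="is_exploit">false</elem></table>
<table><elem key="id">EDB-ID:45233</elem><elem key="cvss">5.0</elem>
<elem key="type">exploitdb</elem><elem key="is_exploit">true</elem></table>
<table><elem key="id">CVE-2016-20012</elem><elem key="cvss">4.3</elem>
<elem key="type">cve</elem><elem key="is_exploit">false</elem></table>
</table></script></port></ports></host></nmaprun>"""

# Constructed report of a scan run without -sV: open port, no product, no CPE.
NO_VERSION_REPORT = """<?xml version="1.0"?>
<nmaprun scanner="nmap"><host><ports><port protocol="tcp" portid="22">
<state state="open"/><service name="ssh"/></port></ports></host></nmaprun>"""

if __name__ == "__main__":
    for f in triage(vulners_findings(SAMPLE_REPORT)):
        print(f"{f.vuln_id:16} cvss={f.cvss:<4} exploit={f.is_exploit}")
    print(no_version_warning(NO_VERSION_REPORT))
```

Against a live host, replace SAMPLE_REPORT with run_scan("10.1.1.1") and keep the same parsing; the no_version_warning check is the quick way to tell an "SSH is fully patched" result from a "version detection never ran" result, which look identical in the vulners output itself.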
ANSWER IS C = --script vulners. The Nmap option -sC enables script scan mode, which tells Nmap to select the default scripts and execute them if the host or port rule matches. THEREFORE THIS SWITCH JUST ACTIVATES GENERAL SCRIPTS. It does not scan for CVE vulnerabilities specifically. The (--script vulners) option SPECIFICALLY IDENTIFIES THE CVE VULNERABILITIES AND WILL OUTPUT ON THE NMAP SCAN SCREEN THE ABBREVIATION CVE ALONGSIDE ITS CVE VULNERABILITY.
Community vote distribution: A (35%), C (25%), B (20%), Other
Commenters (post age at the time of extraction):
RRabbit_111 (Highly Voted, 7 months, 3 weeks ago)
LiveLaughToasterBath (1 year, 4 months ago)
Manzer (Highly Voted, 2 years, 7 months ago)
xviruz2kx (Most Recent, 7 months, 3 weeks ago)
solutionz (7 months, 3 weeks ago)
surfuganda (7 months, 3 weeks ago)
Etc_Shadow28000 (7 months, 3 weeks ago)
MeisAdriano (7 months, 3 weeks ago)
fuzzyguzzy (9 months ago)
Paula77 (10 months, 4 weeks ago)
outnumber_gargle024 (11 months, 3 weeks ago)
outnumber_gargle024 (11 months, 3 weeks ago)
deeden (1 year, 2 months ago)
KeToopStudy (1 year, 4 months ago)
UseChatGPT (1 year, 7 months ago)
Test1269 (1 year, 3 months ago)
iamtylerman (1 year, 6 months ago)
testicaleight (1 year, 7 months ago)
FnordyClovers (1 year, 8 months ago)
bieecop (1 year, 9 months ago)
KeToopStudy (1 year, 9 months ago)
glenpharmd (2 years ago)