312-50V13 Question #617: Real Exam Question with Answer & Explanation

Question

As a certified ethical hacker, you are tasked with gaining information about an enterprise's internal network. You are permitted to test the network's security using enumeration techniques. You successfully obtain a list of usernames using email IDs and execute a DNS Zone Transfer. Which enumeration technique would be most effective for your next move given that you have identified open TCP ports 25 (SMTP) and 139 (NetBIOS Session Service)?

Options

• APerform a brute force attack on Microsoft Active Directory to extract valid usernames
• BExploit the NetBIOS Session Service on TCP port 139 to gain unauthorized access to the file
• CUse SNMP to extract usernames given the community strings
• DExploit the NFS protocol on TCP port 2049 to gain control over a remote system

Explanation

Given open TCP port 139 (NetBIOS Session Service) and already having enumerated usernames, exploiting NetBIOS to gain unauthorized file access is the most effective next enumeration technique.

Common mistakes.

• A. While brute-forcing Active Directory is a technique, exploiting an already identified open and potentially vulnerable service (NetBIOS Session Service) on port 139 is a more direct and effective next step for gaining deeper information or access, given the context.
• C. Using SNMP to extract usernames would typically have been part of initial enumeration if SNMP was available and misconfigured; the question implies next steps after identifying open ports 25 and 139.
• D. Exploiting the NFS protocol on TCP port 2049 is not directly applicable here as NFS (port 2049) was not identified as an open port in the question's scenario, only ports 25 and 139.

Concept tested. NetBIOS enumeration and exploitation

Reference. https://learn.microsoft.com/en-us/previous-versions/tn-archive/bb726978(v=technet.10)

No community discussion yet for this question.