nerdexam
EC-Council

312-50V9 · Question #551

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the c

The correct answer is C. Eve is trying to carry out a password crack for user Administrator. Eve's FOR loop iterates through candidate passwords in hackfile.txt and attempts to authenticate as Administrator over SMB using each one, which is a dictionary-based password cracking attack.

System Hacking

Question

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command. For /f "tokens=1 %%a in (hackfile.txt) do net use * \10.1.2.3\c$ /user:"Administrator" %%a What is Eve trying to do?

Options

  • AEve is trying to connect as an user with Administrator privileges
  • BEve is trying to enumerate all users with Administrative privileges
  • CEve is trying to carry out a password crack for user Administrator
  • DEve is trying to escalate privilege of the null user to that of Administrator

How the community answered

(66 responses)
  • A
    15% (10)
  • B
    8% (5)
  • C
    74% (49)
  • D
    3% (2)

Why each option

Eve's FOR loop iterates through candidate passwords in hackfile.txt and attempts to authenticate as Administrator over SMB using each one, which is a dictionary-based password cracking attack.

AEve is trying to connect as an user with Administrator privileges

Eve is not yet connecting as a privileged user - she is attempting to discover the correct password that would allow such a connection, meaning no successful authentication has occurred yet.

BEve is trying to enumerate all users with Administrative privileges

The command does not enumerate users with administrative privileges; it targets only the single Administrator account while cycling through password candidates.

CEve is trying to carry out a password crack for user AdministratorCorrect

The batch loop reads each token from hackfile.txt - a wordlist of candidate passwords - and substitutes it into a net use command targeting the C$ administrative share as user Administrator. This is a dictionary password attack: systematically trying known or guessed passwords against a single account until one succeeds. Port 445 being open confirms SMB is available as the attack surface.

DEve is trying to escalate privilege of the null user to that of Administrator

The command does not involve a null session or privilege escalation; it explicitly specifies the Administrator username and tests passwords against that account directly.

Concept tested: Dictionary password attack via SMB net use command

Source: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/gg651155(v=ws.11)

Topics

#dictionary attack#password cracking#SMB#null session

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice