312-50V9 · Question #551
Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the c
The correct answer is C. Eve is trying to carry out a password crack for user Administrator. Eve's FOR loop iterates through candidate passwords in hackfile.txt and attempts to authenticate as Administrator over SMB using each one, which is a dictionary-based password cracking attack.
Question
Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command. For /f "tokens=1 %%a in (hackfile.txt) do net use * \10.1.2.3\c$ /user:"Administrator" %%a What is Eve trying to do?
Options
- AEve is trying to connect as an user with Administrator privileges
- BEve is trying to enumerate all users with Administrative privileges
- CEve is trying to carry out a password crack for user Administrator
- DEve is trying to escalate privilege of the null user to that of Administrator
How the community answered
(66 responses)- A15% (10)
- B8% (5)
- C74% (49)
- D3% (2)
Why each option
Eve's FOR loop iterates through candidate passwords in hackfile.txt and attempts to authenticate as Administrator over SMB using each one, which is a dictionary-based password cracking attack.
Eve is not yet connecting as a privileged user - she is attempting to discover the correct password that would allow such a connection, meaning no successful authentication has occurred yet.
The command does not enumerate users with administrative privileges; it targets only the single Administrator account while cycling through password candidates.
The batch loop reads each token from hackfile.txt - a wordlist of candidate passwords - and substitutes it into a net use command targeting the C$ administrative share as user Administrator. This is a dictionary password attack: systematically trying known or guessed passwords against a single account until one succeeds. Port 445 being open confirms SMB is available as the attack surface.
The command does not involve a null session or privilege escalation; it explicitly specifies the Administrator username and tests passwords against that account directly.
Concept tested: Dictionary password attack via SMB net use command
Source: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/gg651155(v=ws.11)
Topics
Community Discussion
No community discussion yet for this question.