CompTIA

CAS-003 · Question #836

CAS-003 Question #836: Real Exam Question with Answer & Explanation

The correct answer is D: Use Medusa to perform an online attack of the HELPDESK account. When tool output identifies an active network-accessible account like HELPDESK, using Medusa for an online brute force attack is the most logical next step to attempt unauthorized access over the network.

Question

An analyst is testing the security of a server and attempting to infiltrate the network. The analyst is able to obtain the following output after running some tools on the server:

Which of the following will the analyst most likely do NEXT?

Exhibit

CAS-003 question #836 exhibit

Options

  • A. Use John the Ripper to attempt password recovery.
  • B. Log in with either of the administrator passwords shown.
  • C. Log in with the guest account since it has a blank password.
  • D. Use Medusa to perform an online attack of the HELPDESK account.

Explanation

When tool output identifies an active network-accessible account like HELPDESK, using Medusa for an online brute force attack is the most logical next step to attempt unauthorized access over the network.

Common mistakes.

  • A. John the Ripper is an offline password hash cracker that requires previously captured hash files to operate - it cannot directly attack a live network authentication service.
  • B. The tool output displays hashed or otherwise non-plaintext administrator credentials, meaning there are no usable cleartext passwords available to log in with directly.
  • C. Even if the guest account shows a blank password hash in the output, the guest account is disabled by default on modern Windows systems and is typically blocked from network login via Group Policy regardless of its password state.

Concept tested. Online brute force tool selection for live network authentication attacks

Reference. https://www.kali.org/tools/medusa/
