GCIH · Question #685
What request methods are exploited in a Lanturtle + Responder access attack?
The correct answer is C. DNS. This question identifies the network protocol exploited when a LAN Turtle running Responder performs credential capture via name resolution poisoning.
Question
What request methods are exploited in a Lanturtle + Responder access attack?
Options
- AHTTP
- BICMP echo
- CDNS
- DTCP
How the community answered
(25 responses)- B8% (2)
- C88% (22)
- D4% (1)
Why each option
This question identifies the network protocol exploited when a LAN Turtle running Responder performs credential capture via name resolution poisoning.
HTTP is used by Responder to host a rogue server after the initial poisoning, but it is not the broadcast name resolution protocol that triggers the attack.
ICMP echo is a diagnostic reachability protocol and plays no role in name resolution poisoning.
Responder exploits LLMNR (Link-Local Multicast Name Resolution) and mDNS, which are DNS-based broadcast name resolution protocols. When a LAN Turtle deploys Responder on a target network, it poisons these DNS-family requests to intercept NTLMv2 credential hashes from machines attempting to resolve hostnames.
TCP is a transport layer protocol, not a name resolution mechanism, and is not the request method exploited in this attack.
Concept tested: LLMNR/DNS poisoning using LAN Turtle and Responder
Source: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-llmnrp/43d2afd8-f6c7-4c9a-bb17-f24f7f87cb5d
Topics
Community Discussion
No community discussion yet for this question.