nerdexam
GIAC

GCIH · Question #685

What request methods are exploited in a Lanturtle + Responder access attack?

The correct answer is C. DNS. This question identifies the network protocol exploited when a LAN Turtle running Responder performs credential capture via name resolution poisoning.

Reconnaissance, Scanning, and Enumeration

Question

What request methods are exploited in a Lanturtle + Responder access attack?

Options

  • AHTTP
  • BICMP echo
  • CDNS
  • DTCP

How the community answered

(25 responses)
  • B
    8% (2)
  • C
    88% (22)
  • D
    4% (1)

Why each option

This question identifies the network protocol exploited when a LAN Turtle running Responder performs credential capture via name resolution poisoning.

AHTTP

HTTP is used by Responder to host a rogue server after the initial poisoning, but it is not the broadcast name resolution protocol that triggers the attack.

BICMP echo

ICMP echo is a diagnostic reachability protocol and plays no role in name resolution poisoning.

CDNSCorrect

Responder exploits LLMNR (Link-Local Multicast Name Resolution) and mDNS, which are DNS-based broadcast name resolution protocols. When a LAN Turtle deploys Responder on a target network, it poisons these DNS-family requests to intercept NTLMv2 credential hashes from machines attempting to resolve hostnames.

DTCP

TCP is a transport layer protocol, not a name resolution mechanism, and is not the request method exploited in this attack.

Concept tested: LLMNR/DNS poisoning using LAN Turtle and Responder

Source: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-llmnrp/43d2afd8-f6c7-4c9a-bb17-f24f7f87cb5d

Topics

#Responder#LLMNR/NBT-NS#DNS poisoning#credential capture

Community Discussion

No community discussion yet for this question.

Full GCIH Practice