GIAC
GCIH · Question #754
GCIH Question #754: Real Exam Question with Answer & Explanation
The correct answer is A: Brute force an md5 hash whose input was numbers.
Vulnerability Exploitation & Privilege Escalation
Question
What is the outcome of the command below?
hashcat -m 0 -a 3 ntds.dat --potfile-path ntds.potfile -1 ?d?d?d?d?d?d
Options
- A. Brute force an md5 hash whose input was numbers
- B. Crack six digit LANMAN passwords
- C. Remove the encryption from the ntds.dat file
- D. Create a dictionary of 3000 usernames
Explanation
The hashcat command performs a brute force mask attack against MD5 hashes using a six-digit numeric pattern.
Common mistakes.
- B. LANMAN hashes require '-m 3000' in hashcat, not '-m 0', and LANMAN operates on uppercased, split ASCII strings rather than purely numeric six-digit inputs.
- C. Hashcat is a hash-cracking tool that recovers plaintext values; it does not decrypt or modify the ntds.dat Active Directory database file itself.
- D. Hashcat does not generate username dictionaries; '-a 3' is a mask-based brute force attack mode, not a list generation or enumeration function.
Concept tested. Hashcat MD5 brute force mask attack parameter interpretation
Reference. https://hashcat.net/wiki/doku.php?id=hashcat
Topics
#hashcat, #MD5 cracking, #brute force, #mask attack