nerdexam
GIAC

GPEN · Question #477

GPEN Question #477: Real Exam Question with Answer & Explanation

The correct answer is C. Attempting to exploit windows File and Print Sharing service. The command output depicts a tool exploiting the Windows File and Print Sharing service (SMB) on the target host at 10.0.1.4.

Question

Analyze the command output below. What action is being performed by the tester?

Exhibit

GPEN question #477 exhibit

Options

  • ACreating user accounts on 10.0.1.4 and testing privileges
  • BCollecting password hashes for users on 10.0.1.4
  • CAttempting to exploit windows File and Print Sharing service
  • DGathering Security identifiers for accounts on 10.0.1.4

Explanation

The command output depicts a tool exploiting the Windows File and Print Sharing service (SMB) on the target host at 10.0.1.4.

Common mistakes.

  • A. Creating and testing user accounts would involve commands like 'net user' or privilege escalation utilities post-exploitation, not an initial service exploit.
  • B. Collecting password hashes typically requires post-exploitation tools such as Mimikatz or Metasploit's hashdump module, which run after access is already established.
  • D. Gathering Security Identifiers would use enumeration tools such as enum4linux or rpcclient targeting RPC/LDAP, not an SMB exploit framework.

Concept tested. Exploiting Windows SMB File and Print Sharing service vulnerabilities

Reference. https://docs.rapid7.com/metasploit/ms08-067-microsoft-server-service-relative-path-stack-corruption/

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GPEN Practice