PT0-002 · Question #109

PT0-002 Question #109: Real Exam Question with Answer & Explanation

The correct answer is A: ftp 192.168.53.23.

Attacks and Exploits

Question

A penetration tester runs a scan against a server and obtains the following output: Which of the following command sequences should the penetration tester try NEXT?

Options

  • A. ftp 192.168.53.23
  • B. smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 -U guest
  • C. ncrack -u Administrator -P 15worst_passwords.txt -p rdp 192.168.53.23
  • D. curl -X TRACE https://192.168.53.23:8443/index.aspx
  • E. nmap --script vuln -sV 192.168.53.23

Explanation

Given that 'A' is the correct answer, the prior scan output must have indicated an open FTP service on the target, making direct interaction with the service the logical next step.

Common mistakes.

  • B. Connecting to an SMB share with 'smbclient' would be appropriate if SMB (port 445) was identified as an open and interesting service, which is not indicated as the primary next step here.
  • C. Using 'ncrack' to brute force RDP implies RDP (port 3389) was identified and deemed suitable for brute-forcing, but this is not the implied next step over direct service interaction.
  • D. Attempting an HTTP TRACE method with 'curl' targets a web service, which may or may not be the primary next step based on the unspecified initial scan output.
  • E. Running another 'nmap' scan with vulnerability scripts is a reconnaissance activity, but the question asks what to 'try NEXT' after a scan, implying an attempt to interact with a discovered service.

Concept tested. Initial service interaction post-scanning

Reference. https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

Topics

#FTP #Initial Access #Service Interaction #Penetration Testing Methodology
