
PT0-002 · Question #424

PT0-002 Question #424: Real Exam Question with Answer & Explanation

The correct answer is C: HaveIBeenPwned. HaveIBeenPwned is a website that allows users to check if their personal data has been compromised by data breaches.

Information Gathering and Vulnerability Scanning

Question

A penetration tester is preparing a credential stuffing attack against a company's website. Which of the following can be used to passively get the most relevant information?

Options

  • A. Shodan
  • B. BeEF
  • C. HaveIBeenPwned
  • D. Maltego

Explanation

HaveIBeenPwned is a website that allows users to check if their personal data has been compromised by data breaches. For a penetration tester preparing a credential stuffing attack, HaveIBeenPwned can provide valuable information about which accounts and passwords have been exposed, making them more likely targets for successful credential stuffing. This passive information gathering tool can help in identifying the most relevant credentials without actively probing the target's systems. The other tools listed (Shodan, BeEF, Maltego) serve different purposes, such as device and service enumeration, client-side exploitation, and information gathering through different means, respectively.

Topics

#Credential Stuffing #Passive Reconnaissance #OSINT Tools #Breach Data
