PT0-002 · Question #506
PT0-002 Question #506: Real Exam Question with Answer & Explanation
The correct answer is C: Attempt to read email.. Given the plaintext credentials for a mail server in the bash history, the penetration tester should next attempt to read email using those compromised credentials.
Question
A penetration tester gained access to one of the target company's servers. During the enumeration phase, the penetration tester lists the bash history and observes the following row: curl -k 'imaps://10.12.14.121' --user jsmith:Blu3moon -v Which of the following steps should the penetration tester take next?
Options
- ABrute force all mail users.
- BEnumerate mall server users.
- CAttempt to read email.
- DDownload hashes.
Explanation
Given the plaintext credentials for a mail server in the bash history, the penetration tester should next attempt to read email using those compromised credentials.
Common mistakes.
- A. Brute forcing all mail users is unnecessary and inefficient when valid credentials for one user (jsmith) have already been discovered.
- B. While enumerating mail server users could be a future step, attempting to read email with the already found credentials is a more immediate and impactful action, as it provides direct access to sensitive information.
- D. The command provided does not involve downloading hashes; it shows an attempt to access an IMAPS server using a username and plaintext password. While hashes might be present elsewhere, this specific discovery points to immediate email access.
Concept tested. Post-compromise enumeration and lateral movement
Topics
Community Discussion
No community discussion yet for this question.