Question 1/70
During an assessment, a penetration tester obtains an NTLM hash from a legacy Windows machine. Which of the following tools should the penetration tester use to continue the attack?
Correct Answer: D
When a penetration tester obtains an NTLM hash from a legacy Windows machine, they need to use a tool that can leverage this hash for further attacks, such as pass-the-hash attacks, or for cracking the hash. Here's a breakdown of the options:
Option A: Responder
Responder is primarily used for poisoning LLMNR, NBT-NS, and mDNS name resolution to capture hashes; it is not used for leveraging NTLM hashes already obtained post-exploitation.
Option B: Hydra
Hydra is a password-cracking tool but not specifically designed for NTLM hashes or pass-the-hash attacks.
Option C: BloodHound
BloodHound is used for mapping out Active Directory relationships and identifying potential attack paths but not for using NTLM hashes directly.
Option D: CrackMapExec
CrackMapExec is a versatile tool that can perform pass-the-hash attacks, execute commands, and more using NTLM hashes. It is designed for post-exploitation scenarios involving NTLM hashes.
Reference from Pentest:
Forge HTB: Demonstrates the use of CrackMapExec for leveraging NTLM hashes to gain further access within a network.
Horizontall HTB: Shows how CrackMapExec can be used for various post-exploitation activities, including using NTLM hashes to authenticate and execute commands.
Conclusion:
Option D, CrackMapExec, is the most suitable tool for continuing the attack using an NTLM hash. It supports pass-the-hash techniques and other operations that can leverage NTLM hashes effectively.
