PT0-003 Online Practice Questions and Answers

Correct Answer: C

A rootkit is a type of malicious software designed to provide an attacker with unauthorized access to a computer system while concealing its presence. Rootkits achieve this by modifying the host's operating system or other software to hide

their existence, allowing the attacker to maintain control over the system without detection.

Definition and Purpose:

Mechanisms of Action:

Detection and Prevention:

Real-World Examples:

References from Pentesting Literature:

Step-by-Step ExplanationReferences:

Penetration Testing - A Hands-on Introduction to Hacking HTB Official Writeups on sophisticated attacks

Correct Answer: C

The command crackmapexec smb 192.168.1.0/24 -u user.txt -p Summer123@ is used to perform password spraying on internal systems. CrackMapExec (CME) is a post- exploitation tool that helps automate the process of assessing large

Active Directory networks. It supports multiple protocols, including SMB, and can perform various actions like password spraying, command execution, and more.

CrackMapExec:

Command Breakdown:

Password Spraying:

Pentest References:

Password Spraying: An effective method for gaining initial access during penetration tests, particularly against organizations that have weak password policies or commonly used passwords. CrackMapExec: Widely used in penetration testing

for its ability to automate and streamline the process of credential validation and exploitation across large networks. By using the specified command, the tester performs a password spraying attack, attempting to log in with a common

password across multiple usernames, identifying potential weak accounts.

Correct Answer: C

To collect information over the network, especially during an internal assessment, tools that can capture and analyze network traffic are essential. Responder is specifically designed for this purpose, and it can capture NTLM hashes and other

credentials by poisoning various network protocols. Here's a breakdown of the options:

Option A: ntlmrelayx.py -t 192.168.1.0/24 -1 1234 Option B: nc -tulpn 1234 192.168.1.2

Option C: responder.py -I eth0 -wP

Option D: crackmapexec smb 192.168.1.0/24

References from Pentest:

Anubis HTB: Highlights the use of Responder to capture network credentials and hashes during internal assessments.

Horizontall HTB: Demonstrates the effectiveness of Responder in capturing and analyzing network traffic for further exploitation.

Correct Answer: A

Dnsenum is a tool specifically designed to gather information about DNS, including domain structure and associated IP addresses. Here's why option A is correct:

Dnsenum: This tool is used for DNS enumeration and can gather information about a domain's DNS records, subdomains, IP addresses, and other related information. It is highly effective for mapping out a target network's domain structure.

Nmap: While a versatile network scanning tool, Nmap is more focused on port scanning and service detection rather than detailed DNS enumeration. Netcat: This is a network utility for reading and writing data across network connections, not

for DNS enumeration.

Wireshark: This is a network protocol analyzer used for capturing and analyzing network traffic but not specifically for gathering DNS information.

References from Pentest:

Anubis HTB: Shows the importance of using DNS enumeration tools like Dnsenum to gather detailed information about the target's domain structure. Forge HTB: Demonstrates the process of using specialized tools to collect DNS and IP

information efficiently.

Correct Answer: D

Based on the Nmap scan results, the services identified on the target server are as follows:

22/tcp open ssh:

25/tcp filtered smtp:

111/tcp open rpcbind:

2049/tcp open nfs:

Conclusion: The NFS service (2049/tcp) provides the best target for launching an attack. File sharing services like NFS often contain sensitive data and can be vulnerable to misconfigurations that allow unauthorized access or privilege

escalation.

Correct Answer: A

Preserving Artifacts:

Other Tasks:

Pentest References:

Reporting: Comprehensive documentation and reporting of findings are crucial parts of penetration testing.

Evidence Handling: Properly preserving and handling artifacts ensure that the integrity of the test results is maintained and can be used for future reference. By preserving artifacts, the penetration tester ensures that all key outputs from the

test are retained for analysis, reporting, and future reference.

Correct Answer: A

Correct Answer: C

Deconflicting with the penetration tester is the best thing to do next after the security alarms are triggered during a penetration test, as it will help determine whether the alarm was caused by the tester's activity or by an actual threat. Deconflicting is the process of communicating and coordinating with other parties involved in a penetration testing engagement, such as security teams, network administrators, or emergency contacts, to avoid confusion or interference.

Correct Answer: C

Correct Answer: B

Testing with proof-of-concept code from an exploit database is the best method to support validation of the possible findings, as it will demonstrate whether the CVEs are actually exploitable on the target VoIP call manager. Proof-of-concept code is a piece of software or script that shows how an attacker can exploit a vulnerability in a system or application. An exploit database is a repository of publicly available exploits, such as Exploit Database or Metasploit. Reference: https:// dokumen.pub/hacking-exposed-unified-communications-amp-voip- security-secrets-amp- solutions-2nd-edition-9780071798778-0071798773- 9780071798761-0071798765.html

Correct Answer: D

Correct Answer: D

Password spraying is a type of password guessing attack that involves trying one or a few common passwords against many usernames or accounts. Password spraying can avoid account lockout policies that limit the number of failed login attempts per account by spreading out the attempts over time and across different accounts. Password spraying can also increase the chances of success by using passwords that are likely to be used by many users, such as default passwords, seasonal passwords, or company names. Mask is a type of password cracking attack that involves using a mask or a pattern to generate passwords based on known or guessed characteristics of the password, such as length, case, or symbols. Rainbow is a technique of storing precomputed hashes of passwords in a table that can be used to quickly crack passwords by looking up the hashes. Dictionary is a type of password cracking attack that involves using a wordlist or a dictionary of common or likely passwords to try against an account.

Correct Answer: DE

SQL injection is a type of attack that exploits a vulnerability in a web application that allows an attacker to execute malicious SQL statements on a database server. SQL injection can result in data theft, data corruption, authentication bypass,

or command execution. To mitigate SQL injection vulnerabilities, the following remediation techniques are recommended:

Users' input validation: This involves checking and sanitizing the user input before passing it to the database server. Input validation can prevent malicious or unexpected input from reaching the database server and causing harm. Input

validation can be done by using whitelists, blacklists, regular expressions, or escaping mechanisms.

Parameterized queries: This involves using placeholders or parameters for user input instead of concatenating it with the SQL statement. Parameterized queries can separate the user input from the SQL logic and prevent it from being

interpreted as part of the SQL statement. Parameterized queries can be implemented by using prepared statements, stored procedures, or frameworks that support them. The other options are not relevant or effective remediation techniques

for SQL injection vulnerabilities.

Correct Answer: B

The best tool for performing an on-path attack on BLE smart devices is Gattacker. Gattacker is a Bluetooth Low Energy (BLE) pentesting and fuzzing framework specifically designed for on-path attacks. It allows security analysts to perform a variety of tasks, including man-in-the-middle attacks, passive and active scans, fuzzing of BLE services, and more. Gattacker also provides an interactive command-line interface that makes it easy to interact with the target BLE device and execute various commands.

Correct Answer: D

SMTP is a protocol associated with mail servers. Therefore, for a penetration tester, an open relay configuration can be exploited to launch phishing attacks.