CompTIA PenTest+ (PT0-001) — Question 117

A tester was able to retrieve domain users' hashes. Which of the following tools can be used to uncover the users' passwords? (Choose two.)

Answer options

• A. Hydra
• B. Mimikatz
• C. Hashcat
• D. John the Ripper
• E. PSExec
• F. Nessus

Correct answer: B, E

Explanation

Mimikatz is specifically designed to extract plaintext passwords, hashes, and Kerberos tickets from memory, making it effective for this scenario. PSExec can facilitate remote execution of commands that may aid in password retrieval, but it is not primarily a password cracking tool like Mimikatz. The other options, while useful in different contexts, do not directly target the retrieval of passwords from hashes in the same way.