CompTIA PenTest+ (PT0-001) — Question 151

A penetration tester directly connects to an internal network. Which of the following exploits would work BEST for quick lateral movement within an internal network?

Answer options

• A. Crack password hashes in /etc/shadow for network authentication.
• B. Launch dictionary attacks on RDP.
• C. Conduct a whaling campaign.
• D. Poison LLMNR and NBNS requests.

Correct answer: A

Explanation

Option A is the best choice as cracking password hashes in /etc/shadow allows the tester to obtain credentials for network authentication, facilitating quick lateral movement. Options B, C, and D are less effective for immediate lateral movement; B focuses on RDP access, C involves social engineering, and D is more about network traffic interception without directly gaining access to user credentials.