CompTIA PenTest+ (PT0-001) — Question 27

During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts to crack the hash and recover the plaintext password have been unsuccessful.
Which of the following would be the BEST target for continued exploitation efforts?

Answer options

• A. Operating system: Windows 7 Open ports: 23, 161
• B. Operating system: Windows Server 2016 Open ports: 53, 5900
• C. Operating system: Windows 8.1 Open ports: 445, 3389
• D. Operating system: Windows 8 Open ports: 514, 3389

Correct answer: C

Explanation

Option C, Windows 8.1 with open ports 445 and 3389, is the best target because port 445 is used for SMB, which could allow for exploitation of file sharing vulnerabilities, and port 3389 is for RDP, which can enable remote access. The other options either use outdated operating systems or have service ports that are less likely to facilitate successful exploitation.