CompTIA PenTest+ (PT0-001) — Question 95

A tester has captured a NetNTLMv2 hash using Responder. Which of the following commands will allow the tester to crack the hash using a mask attack?

Answer options

• A. hashcat -m 5600 -r rules/bestG4.rule hash.txt wordlist.txt
• B. hashcat -m 5600 hash.txt
• C. hashcat -m 5600 -a 3 hash.txt ?a?a?a?a?a?a?a?a
• D. hashcat -m 5600 -o results.text hash.txt wordlist.txt

Correct answer: C

Explanation

The correct answer is C, as it uses the '-a 3' option for a mask attack, allowing the tester to specify character sets and lengths for the cracking process. Options A and D use wordlists instead of a mask, which is not suitable for this specific attack type, while option B does not include any attack mode, making it ineffective for cracking the hash.