CompTIA PenTest+ (PT0-002) — Question 242

During an assessment, a penetration tester obtains a list of password digests using Responder. Which of the following tools would the penetration tester most likely use next?

Answer options

• A. Hashcat
• B. Hydra
• C. CeWL
• D. Medusa

Correct answer: A

Explanation

Hashcat is specifically designed for cracking password hashes, making it the most suitable choice after obtaining digests. The other options, such as Hydra and Medusa, are tools for password spraying and brute-force attacks on services, while CeWL is used for generating custom wordlists, which are not directly applicable for cracking the obtained hashes.