CompTIA PenTest+ (PT0-002) — Question 291
A penetration tester captures SMB network traffic and discovers that users are mistyping the name of a fileshare server. This causes the workstations to send out requests attempting to resolve the fileshare server’s name. Which of the following is the best way for a penetration tester to exploit this situation?
Answer options
- A. Relay the traffic to the real file server and steal documents as they pass through
- B. Host a malicious file to compromise the workstation
- C. Reply to the broadcasts with a fake IP address to deny access to the real file server
- D. Respond to the requests with the tester's IP address and steal authentication credentials
Correct answer: D
Explanation
The correct answer is D. By responding to the name resolution requests with the tester's IP address, the tester causes the workstations to connect to the tester's machine instead of the intended server, so the tester can capture the authentication credentials that users send when they try to reach the fileshare server. Options A and B do not directly exploit the naming issue, while C only denies access to the real server without capturing useful data.