CompTIA PenTest+ (PT0-002) — Question 301
A penetration tester gained access to one of the target company's servers. During the enumeration phase, the penetration tester lists the bash history and observes the following row:
curl -k 'imaps://10.12.14.121' --user jsmith:Blu3moon -v
Which of the following steps should the penetration tester take next?
Answer options
- A. Brute force all mail users.
- B. Enumerate mail server users.
- C. Attempt to read email.
- D. Download hashes.
Correct answer: C
Explanation
The correct answer is C because the command in the bash history passes a username and password to an IMAPS mail server with `--user`, which indicates that the tester has credentials for the email account and can now attempt to access the user's email. Option A is incorrect because brute forcing users is unnecessary when valid credentials are available. Option B is not the next logical step since the tester already has a user account. Option D is irrelevant in this context because reading email is the immediate goal.