CompTIA PenTest+ (PT0-002) — Question 352
During the reconnaissance phase, a penetration tester runs the following command:
sudo responder -I tun0
The result of the command is a list of NTLMv2 hashes. Which of the following should the penetration tester do next?
Answer options
- A. Use the hash in a password spraying attack.
- B. Use the hashes in a collision attack.
- C. Attempt to pass the hash with CrackMapExec.
- D. Crack the hash with Hashcat.
Correct answer: D
Explanation
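The correct action is to crack the hash with Hashcat (D), a tool designed for recovering passwords from hashes. Options A, B, and C do not use the captured hashes in a way that recovers the original passwords: password spraying tries candidate passwords rather than hashes, a collision attack targets the hash function rather than revealing a password, and the NTLMv2 challenge-response hashes that Responder captures cannot be used in a pass-the-hash attack, which requires the NT hash itself.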