CompTIA PenTest+ (PT0-002) — Question 370
A penetration tester is looking for insecure configurations. The tester wants to identify all hosts on the 10.0.0.0/16 network that are potentially vulnerable to an SMB relay attack. Which of the following reconnaissance commands is best for this task?
Answer options
- A. sudo python3 Responder.py -I eth0 -i 10.0.0.0/16
- B. sudo python3 Icmp-Redirect.py -r eth0 -i 10.0.0.0/16
- C. sudo python3 RunFinger.py -i 10.0.0.0/16
- D. sudo python3 MultiRelay.py -i 10.0.0.0/16
Correct answer: A
Explanation
The correct command, A, uses Responder.py, which is specifically designed to capture and relay SMB authentication requests, identifying vulnerable hosts. Option B is incorrect because it relates to ICMP redirection, which is not relevant to SMB relay attacks. Option C focuses on gathering fingerprinting information and doesn't target SMB vulnerabilities. Option D is not a discovery tool; it is used to carry out relay attacks once hosts have been identified.