CompTIA PenTest+ (PT0-002) — Question 44
A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.
Which of the following can be done with the pcap to gain access to the server?
Answer options
- A. Perform vertical privilege escalation.
- B. Replay the captured traffic to the server to recreate the session.
- C. Use John the Ripper to crack the password.
- D. Utilize a pass-the-hash attack.
Correct answer: D
Explanation
The correct answer is D: a pass-the-hash attack allows an attacker to use the captured hash to authenticate without needing the actual password. Options A, B, and C are not applicable: vertical privilege escalation does not relate to captured traffic, replaying the traffic won't necessarily work without proper context, and cracking the password is not feasible directly from NTLM challenge-response traffic.