CompTIA PenTest+ (PT0-002) — Question 92

A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?

Answer options

• A. Wait for the next login and perform a downgrade attack on the server.
• B. Capture traffic using Wireshark.
• C. Perform a brute-force attack over the server.
• D. Use an FTP exploit against the server.

Correct answer: B

Explanation

Capturing traffic using Wireshark allows the penetration tester to intercept and analyze the data packets being transmitted, which can include unencrypted FTP credentials. The other options are less effective: a downgrade attack may not succeed without specific conditions, brute-force attacks can be time-consuming and may not yield results, and exploiting the server directly could alert the system administrators.