CompTIA PenTest+ (PT0-003) — Question 124

During an assessment, a penetration tester obtains an NTLM hash from a legacy Windows machine. Which of the following tools should the penetration tester use to continue the attack?

Answer options

• A. Responder
• B. Hydra
• C. BloodHound
• D. CrackMapExec

Correct answer: D

Explanation

CrackMapExec is specifically designed for post-exploitation tasks involving NTLM hashes, making it the most suitable choice for this scenario. Responder is used for capturing NTLM hashes, while Hydra focuses on brute-force attacks, and BloodHound is primarily for Active Directory enumeration, which does not directly assist in utilizing NTLM hashes.