CompTIA PenTest+ (PT0-003) — Question 127

A penetration tester completes a scan and sees the following output on a host:

Nmap scan report for victim (10.10.10.10)
Host is up (0.0001s latency)

PORT      STATE          SERVICE
161/udp   open|filtered  snmp
445/tcp   open           microsoft-ds
3389/tcp  open           microsoft-ds

Running Microsoft Windows 7
OS CPE: cpe:/o:microsoft:windows_7_sp0

The tester wants to obtain shell access. Which of the following related exploits should the tester try first?

Answer options

Correct answer: C

Explanation

The correct answer is C. The ms17_010_eternalblue exploit targets a vulnerability in SMB that affects Windows 7 and allows remote code execution. Option A, psexec, is a method for executing commands, but it may not be as effective as C against the specific vulnerabilities in Windows 7. Option B, ms08_067_netapi, is an older exploit that may still work but is less reliable than C. Option D, snmp_login, does not directly provide shell access, so it is not relevant to the tester's goal.