CompTIA PenTest+ (PT0-003) — Question 130

A penetration tester is preparing a password-spraying attack against a known list of users for the company "example." The tester is using the following list of commands:

1. pw-inspector -i $allwords | tee $pass
2. spray365.py spray -ep $plan
3. users="~/user.txt"; allwords="~/words.txt"; pass="~/passwords.txt"; plan="~/spray.plan"
4. spray365.py generate --password_file $pass --user_file $users --domain "example.com" --execution_plan $plan
5. cewl -m 5 "http://www.example.com" -w $allwords

Which of the following is the correct order for the list of the commands?

Answer options

Correct answer: D

Explanation

The correct sequence starts by defining the variables (command 3), then gathers words from the website (command 5), checks the password list (command 1), sets up the execution plan (command 4), and finally performs the password spraying (command 2). The other sequences either initiate commands out of order or miss necessary preliminary steps, which would cause the attack to fail.