CompTIA PenTest+ (PT1-002) — Question 84
A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2012 Std
3389/tcp open ssl/ms-wbt-server
| rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Time: 2021-01-15T11:32:06+00:00
8443/tcp open http Microsoft IIS httpd 8.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5
|_http-title: IIS Windows Server
Which of the following command sequences should the penetration tester try NEXT?
Answer options
- A. ftp 192.168.53.23
- B. smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 -U guest
- C. ncrack -u Administrator -P 15worst_passwords.txt -p rdp 192.168.53.23
- D. curl -X TRACE https://192.168.53.23:8443/index.aspx
- E. nmap --script vuln -sV 192.168.53.23
Correct answer: A
Explanation
The correct answer is A because the scan shows that anonymous FTP login is allowed (FTP code 230), which makes connecting to the FTP service a suitable next step to access the server. Option B is not appropriate because it targets SMB, while C focuses on RDP, which may not be the immediate next step. Option D attempts to exploit a potentially risky HTTP method, and E is a general scan that does not leverage the discovered FTP service.