CompTIA Security+ (SY0-601) — Question 297

During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:

crackmapexec smb 192.168.10.232 -u localadmin -H 0A3CE8D07A46E5C51070F03593E0A5E6

Which of the following attacks occurred?

Answer options

• A. Buffer overflow
• B. Pass the hash
• C. SQL injection
• D. Replay attack

Correct answer: B

Explanation

The command indicates a Pass the Hash attack, where an attacker uses a hashed password to authenticate without needing to know the plaintext password. The other options do not fit the context; a buffer overflow is a different vulnerability type, SQL injection targets databases, and a replay attack involves capturing and re-sending valid data transmissions.