Certified Ethical Hacker (CEH v12) — Question 207

As a certified ethical hacker, you are tasked with gaining information about an enterprise's internal network. You are permitted to test the network's security using enumeration techniques. You successfully obtain a list of usernames using email IDs and execute a DNS Zone Transfer. Which enumeration technique would be most effective for your next move given that you have identified open TCP ports 25 (SMTP) and 139 (NetBIOS Session Service)?

Answer options

• A. Perform a brute force attack on Microsoft Active Directory to extract valid usernames
• B. Exploit the NetBIOS Session Service on TCP port 139 to gain unauthorized access to the file system
• C. Use SNMP to extract usernames given the community strings
• D. Exploit the NFS protocol on TCP port 2049 to gain control over a remote system

Correct answer: B

Explanation

The correct answer is B because exploiting the NetBIOS Session Service on TCP port 139 can allow unauthorized access to the file system, which is a significant next move after obtaining usernames. Option A is incorrect as brute force attacks may not be necessary after obtaining usernames, while option C is not feasible unless SNMP is enabled with known community strings. Option D is also incorrect since TCP port 2049 is not mentioned as open in the given scenario.