Certified Ethical Hacker (CEH v13) — Question 200
As a certified ethical hacker, you are tasked with gaining information about an enterprise's internal network. You are permitted to test the network's security using enumeration techniques. You successfully obtain a list of usernames using email IDs and execute a DNS Zone Transfer. Which enumeration technique would be most effective for your next move given that you have identified open TCP ports 25 (SMTP) and 139 (NetBIOS Session Service)?
Answer options
- A. Perform a brute force attack on Microsoft Active Directory to extract valid usernames
- B. Exploit the NetBIOS Session Service on TCP port 139 to gain unauthorized access to the file system
- C. Use SNMP to extract usernames given the community strings
- D. Exploit the NFS protocol on TCP port 2049 to gain control over a remote system
Correct answer: B
Explanation
The correct answer is B: the NetBIOS Session Service on TCP port 139 is one of the two ports identified as open, and it can be exploited to access shared files and resources on the system, making it a direct method for gaining unauthorized access. Option A is incorrect because it focuses on brute-forcing usernames rather than exploiting an existing service. Option C involves SNMP, which is less likely in this context, where only TCP ports 25 and 139 were identified as open. Option D is not applicable since NFS is not accessible on port 2049 in this scenario.