ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT1-002 All Questions

View all questions & answers for the PT1-002 exam
Go to Exam

Exam PT1-002 topic 1 question 13 discussion

Actual exam question from CompTIA's PT1-002
Question #: 13
Topic #: 1
[All PT1-002 Questions]

A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following:
* Connected to 10.2.11.144 (::1) port 80 (#0)
> GET /readmine.html HTTP/1.1
> Host: 10.2.11.144
> User-Agent: curl/7.67.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200
< Date: Tue, 02 Feb 2021 21:46:47 GMT
< Server: Apache/2.4.41 (Debian)
< Content-Length: 317
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE html>
<html lang=`en`>
<head>
<meta name=`viewport` content=`width=device-width` />
<meta http-equiv=`Content-Type` content=`text/html; charset=utf-8` />
<title>WordPress › ReadMe</title>
<link rel=`stylesheet` href=`wp-admin/css/install.css?ver=20100228` type=`text/css` />
</head>
Which of the following tools would be BEST for the penetration tester to use to explore this site further?

  • A. Burp Suite
  • B. DirBuster
  • C. WPScan
  • D. OWASP ZAP
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Picklefall1 at Oct. 30, 2021, 5:45 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BinarySoldier
Highly Voted 3 years, 2 months ago
Selected Answer: C
Being a wordpress site, I would choose WPScan
upvoted 9 times
...
MysterClyde
Most Recent 1 year, 10 months ago
The most APPLICABLE answer is C. Even though Burpsuite has the ability to run wpscanner as a plug, it is more efficient to pursue the obvious finding for additional vulnerabilities. Yes you can get into a lock room by bulldozing it down (using burpsuite) or you can have a key (wpscan) for that room. In this case, BurpSuite is seen as a distractor since you have more specific info.
upvoted 1 times
...
ronniehaang
2 years, 3 months ago
Selected Answer: C
WPScan is a web application testing tool designed to work with websites running the WordPress content management system.
upvoted 2 times
...
ResStapler
2 years, 8 months ago
It does appear that Burp Suite can use a Burp_WP plug-in to scan Wordpress along with everything else extra it scans. Source: https://www.hackingarticles.in/wordpress-exploitation-using-burpsuite-burp_wp-plugin/ Source: https://securityonline.info/burp_wp-wpscan-like-plugin-for-burp-suite/
upvoted 1 times
...
ResStapler
2 years, 8 months ago
I am foundering between A and C. If WPScan (Answer C) is a plugin itself on the site that reports vulnerable themes and plugins on your website, it would be available to wp-admin. But if the Pentester does not have access to use the WPScan plugin, would the only other choice be (A) Burp Suite?
upvoted 1 times
...
cuernov
3 years ago
Selected Answer: C
We found the CMS so the next step is to run wpscan
upvoted 2 times
...
BinarySoldier
3 years, 5 months ago
I would choose wpscan over Burp suite in this case. I will take C in this case.
upvoted 4 times
...
Picklefall1
3 years, 5 months ago
Why is the answer marked as Burpsuite when this is clearly a word press site? Wouldn't WPScan be better?
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago