ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT1-002 All Questions

View all questions & answers for the PT1-002 exam
Go to Exam

Exam PT1-002 topic 1 question 74 discussion

Actual exam question from CompTIA's PT1-002
Question #: 74
Topic #: 1
[All PT1-002 Questions]

A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2012 Std
3389/tcp open ssl/ms-wbt-server
| rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Time: 2021-01-15T11:32:06+00:00
8443/tcp open http Microsoft IIS httpd 8.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5
|_http-title: IIS Windows Server
Which of the following command sequences should the penetration tester try NEXT?

  • A. ftp 192.168.53.23
  • B. smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 ג€"U guest
  • C. ncrack ג€"u Administrator ג€"P 15worst_passwords.txt ג€"p rdp 192.168.53.23
  • D. curl ג€"X TRACE https://192.168.53.23:8443/index.aspx
  • E. nmap ג€"-script vuln ג€"sV 192.168.53.23
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by some_specialist at March 10, 2022, 10:07 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
some_specialist
Highly Voted 3 years, 1 month ago
Key line: | ftp-anon: Anonymous FTP login allowed (FTP code 230) since it's allowed, run the command to connect without a username, which is the correct answer
upvoted 6 times
...
bieecop
Most Recent 1 year, 9 months ago
Selected Answer: D
The scan shows that port 8443/tcp is open and running an HTTP service on Microsoft IIS (Internet Information Services) version 8.5. The presence of the TRACE HTTP method (as indicated by the output) suggests a potential vulnerability, as TRACE can be used in Cross-Site Tracing attacks. The tester should attempt to exploit this potential vulnerability by sending a TRACE request to the server and observing the response.
upvoted 1 times
...
bieecop
2 years, 4 months ago
Selected Answer: A
correct a
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago