Question 12 of 52 from exam PT0-001: CompTIA PenTest+

Question

SIMULATION - You are a penetration tester running port scans on a server.

INSTRUCTIONS - Part 1: Given the output, construct the command that was used to generate this output from the available options.

Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Nmap Scan Output

Host is up (0.00079s latency)
Not shown: 96 closed ports
PORT    STATE SERVICE       VERSION
88/tcp  open  kerberos-sec?
139/tcp open  netbios-ssn
389/tcp open  ldap?
445/tcp open  microsoft-ds?
MAC Address: 08:00:27:81:B1:DF (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 2.4.X
OS CPE: cpe:/o:linux_kernel:2.4.21
OS details: Linux 2.4.21
Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at
https://nmap.org/submi

# Scan done at Fri Oct 13 10:03:06 2017 -- 1 IP address (1 host up) scanned in 26.80 seconds

Available options legible in the screenshot: 192.168.2.1-100, 192.168.2.2, --top-ports=100

Penetration Testing Part 1

Using the output, identify potential attack vectors that should be further investigated:

Weak SMB file permissions
FTP anonymous login
Webdav file upload
(illegible option)
Null session enumeration
Fragmentation attack
SNMP enumeration
ARP spoofing

Explanations

See explanation below.

Part 1 - nmap 192.168.2.2 -sV -O

Part 2 - Weak SMB file permissions.