PT0-003 Free Practice Test

While performing an internal assessment, a tester uses the following command: crackmapexec smb 192.168.1.0/24 -u user.txt -p Summer123@
Which of the following is the main purpose of the command?

1. A. To perform a pass-the-hash attack over multiple endpoints within the internal network
2. B. To perform common protocol scanning within the internal network
3. C. To perform password spraying on internal systems
4. D. To execute a command in multiple endpoints at the same time

Correct Answer: C
The command crackmapexec smb 192.168.1.0/24 -u user.txt -p Summer123@ is used to perform password spraying on internal systems. CrackMapExec (CME) is a post- exploitation tool that helps automate the process of assessing large Active Directory
networks. It supports multiple protocols, including SMB, and can perform various actions like password spraying, command execution, and more.
✑ CrackMapExec:
✑ Command Breakdown:
✑ Password Spraying:
Pentest References:
✑ Password Spraying: An effective method for gaining initial access during penetration tests, particularly against organizations that have weak password policies or commonly used passwords.
✑ CrackMapExec: Widely used in penetration testing for its ability to automate and streamline the process of credential validation and exploitation across large networks.
By using the specified command, the tester performs a password spraying attack, attempting to log in with a common password across multiple usernames, identifying potential weak accounts.
=================

During a penetration test, the tester identifies several unused services that are listening on all targeted internal laptops. Which of the following technical controls should the tester recommend to reduce the risk of compromise?

1. A. Multifactor authentication
2. B. Patch management
3. C. System hardening
4. D. Network segmentation

Correct Answer: C
When a penetration tester identifies several unused services listening on targeted internal laptops, the most appropriate recommendation to reduce the risk of compromise is system hardening. Here's why:
✑ System Hardening:
✑ Comparison with Other Controls:
System hardening is the most direct control for reducing the risk posed by unused services, making it the best recommendation.
=================

A penetration tester plans to conduct reconnaissance during an engagement using readily available resources. Which of the following resources would most likely identify hardware and software being utilized by the client?

1. A. Cryptographic flaws
2. B. Protocol scanning
3. C. Cached pages
4. D. Job boards

Correct Answer: D
✑ Reconnaissance:
✑ Job Boards:
✑ Examples of Job Boards:
Pentest References:
✑ OSINT (Open Source Intelligence): Using publicly available sources to gather information about a target.
✑ Job boards are a key source of OSINT, providing indirect access to the internal technologies of a company.
✑ This information can be used to tailor subsequent phases of the penetration test, such as vulnerability scanning and exploitation, to the specific technologies identified.
By examining job boards, a penetration tester can gain insights into the hardware and software environments of the target, making this a valuable reconnaissance tool.
=================

During a security assessment, a penetration tester gains access to an internal server and manipulates some data to hide its presence. Which of the following is the best way for the penetration tester to hide the activities performed?

1. A. Clear the Windows event logs.
2. B. Modify the system time.
3. C. Alter the log permissions.
4. D. Reduce the log retention settings.

Correct Answer: A
During a penetration test, one of the critical steps for maintaining access and covering tracks is to clear evidence of the attack. Manipulating data to hide activities on an internal server involves ensuring that logs and traces of the attack are removed. Here's a detailed explanation of why clearing the Windows event logs is the best method for this scenario:
✑ Understanding Windows Event Logs: Windows event logs are a key forensic
artifact that records system, security, and application events. These logs can provide detailed information about user activities, system changes, and potential security incidents.
✑ Why Clear Windows Event Logs:
✑ Method to Clear Event Logs:
shell
Copy code wevtutil cl System wevtutil cl Security
wevtutil cl Application
✑ uk.co.certification.simulator.questionpool.PList@6126ce2a
✑ Alternative Options and Their Drawbacks:
✑ Case References:
In conclusion, clearing Windows event logs is a well-established practice for hiding activities during a penetration test. It is the most effective way to remove evidence of the attack from the system, thereby maintaining stealth and ensuring that the tester's actions remain undetected.
=================

A penetration tester enumerates a legacy Windows host on the same subnet. The tester needs to select exploit methods that will have the least impact on the host's operating
stability. Which of the following commands should the tester try first?

1. A. responder -I eth0 john responder_output.txt <rdp to target>
2. B. hydra -L administrator -P /path/to/pwlist.txt -t 100 rdp://
3. C. msf > use msf > set msf > set PAYLOAD windows/meterpreter/reverse_tcp msf > run
4. D. python3 ./buffer_overflow_with_shellcode.py 445

Correct Answer: A
Responder is a tool used for capturing and analyzing NetBIOS, LLMNR, and MDNS queries to perform various man-in-the-middle (MITM) attacks. It can be used to capture hashed credentials, which can then be cracked offline. Using Responder has the least impact on the host's operating stability compared to more aggressive methods like buffer overflow attacks or payload injections.
✑ Understanding Responder:
✑ Command Breakdown:
✑ Why This is the Best Choice:
✑ References from Pentesting Literature: Step-by-Step ExplanationReferences:
✑ Penetration Testing - A Hands-on Introduction to Hacking
✑ HTB Official Writeups
=================