During an engagement, a penetration tester needs to break the key for the Wi-Fi network that uses WPA2 encryption. Which of the following attacks would accomplish this objective?
Correct Answer:D
KRACK (Key Reinstallation Attack) exploits a vulnerability in the WPA2 protocol to decrypt and inject packets, potentially allowing an attacker to break the encryption key and gain access to the Wi-Fi network.
✑ Understanding KRACK:
✑ Attack Steps:
✑ Impact:
✑ Mitigation:
✑ References from Pentesting Literature:
✑ Penetration Testing - A Hands-on Introduction to Hacking
✑ HTB Official Writeups
=================
During a penetration test, a tester attempts to pivot from one Windows 10 system to another Windows system. The penetration tester thinks a local firewall is blocking connections. Which of the following command-line utilities built into Windows is most likely to disable the firewall?
Correct Answer:D
✑ Understanding netsh.exe:
✑ Disabling the Firewall:
netsh advfirewall set allprofiles state off
✑ Usage in Penetration Testing:
✑ References from Pentesting Literature:
✑ Penetration Testing - A Hands-on Introduction to Hacking
✑ HTB Official Writeups
=================
A penetration tester needs to confirm the version number of a client's web application server. Which of the following techniques should the penetration tester use?
Correct Answer:C
Banner grabbing is a technique used to gather information about a service running on an open port; the response often includes the version number of the application or server. Here's why banner grabbing is the correct answer:
✑ Banner Grabbing: It involves connecting to a service and reading the welcome banner or response, which typically includes version information. This is a direct method to identify the version number of a web application server.
✑ SSL Certificate Inspection: While it can provide information about the server, it is not reliable for identifying specific application versions.
✑ URL Spidering: This is used for discovering URLs and resources within a web application, not for version identification.
✑ Directory Brute Forcing: This is used to discover hidden directories and files, not for identifying version information.
References from Pentest:
✑ Luke HTB: Shows how banner grabbing can be used to identify the versions of services running on a server.
✑ Writeup HTB: Demonstrates the importance of gathering version information through techniques like banner grabbing during enumeration phases.
Conclusion:
Option C, banner grabbing, is the most appropriate technique for confirming the version number of a web application server.
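As an added illustration of the technique (this is example code, not from the original question bank or any referenced writeup), the block below grabs an HTTP banner and extracts the product and version from the Server header. It assumes a `HEAD /` request is acceptable to the target and uses a constructed sample response plus a local stand-in server that announces a version, so it runs offline; the hostname, port and version values are all made up for the example.

```python
"""Banner grabbing against an HTTP service: connect, read the response head,
and extract product/version from the Server header (added example)."""
import re
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample: the kind of raw response a banner grab returns.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"   # version disclosure (sample value)
    b"Content-Length: 0\r\n"
    b"\r\n"
)

# Matches "Product/1.2.3" or a bare "Product" with no version.
_SERVER_RE = re.compile(r"([A-Za-z][\w.-]*)(?:/(\d+(?:\.\d+)*))?")


def parse_server_banner(raw: bytes) -> dict:
    """Split an HTTP response head into status line and headers, then pull
    product and version out of the Server header. Missing pieces are None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", errors="replace")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip().lower()] = value.strip()
    server = headers.get("server")
    product = version = None
    if server:
        match = _SERVER_RE.match(server)
        if match:
            product, version = match.group(1), match.group(2)
    return {
        "status_line": lines[0],
        "server": server,
        "product": product,
        "version": version,
    }


def grab_http_banner(host: str, port: int, timeout: float = 5.0) -> dict:
    """Send a minimal HEAD request and parse whatever the server announces."""
    request = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            if b"\r\n\r\n" in b"".join(chunks):  # full head received
                break
    return parse_server_banner(b"".join(chunks))


class _VerboseHandler(BaseHTTPRequestHandler):
    """Local stand-in for a server that leaks its version in the banner."""
    server_version = "Apache/2.4.41"   # constructed values, not a real host
    sys_version = "(Ubuntu)"

    def do_HEAD(self):
        self.send_response(200)  # also emits Server: and Date: headers
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet


def demo_local_grab() -> dict:
    """Start the stand-in server on a loopback port and grab its banner."""
    srv = HTTPServer(("127.0.0.1", 0), _VerboseHandler)
    worker = threading.Thread(target=srv.serve_forever, daemon=True)
    worker.start()
    try:
        return grab_http_banner("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(parse_server_banner(SAMPLE_RESPONSE))
    print(demo_local_grab())
```

The parsed `product`/`version` pair is what the report needs; on the remediation side, the same check shows whether the server should stop announcing its version (for example Apache's `ServerTokens Prod`), since a bare `Server: Apache` yields `version = None`.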
=================
Which of the following post-exploitation activities allows a penetration tester to maintain persistent access in a compromised system?
Correct Answer:A
Maintaining persistent access in a compromised system is a crucial goal for a penetration tester after achieving initial access. Here's an explanation of each option and why creating registry keys is the preferred method:
✑ Creating registry keys (Answer: A):
✑ Installing a bind shell (Option B):
✑ Executing a process injection (Option C):
✑ Setting up a reverse SSH connection (Option D):
Conclusion: Creating registry keys is the most effective method for maintaining persistent access in a compromised system, particularly in Windows environments, due to its stealthiness and reliability.
=================
Which of the following components should a penetration tester include in an assessment report?
Correct Answer:D
An attack narrative provides a detailed account of the steps taken during the penetration test, including the methods used, vulnerabilities exploited, and the outcomes of each attack. This helps stakeholders understand the context and implications of the findings.
✑ Components of an Assessment Report:
✑ Importance of Attack Narrative:
✑ References from Pentesting Literature:
✑ Penetration Testing - A Hands-on Introduction to Hacking
✑ HTB Official Writeups
=================
A penetration tester needs to help create a threat model of a custom application. Which of the following is the most likely framework the tester will use?
Correct Answer:D
The DREAD model is a risk assessment framework used to evaluate and prioritize the security risks of an application. It stands for Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability.
✑ Understanding DREAD:
✑ Usage in Threat Modeling:
✑ Process:
✑ References from Pentesting Literature:
✑ Penetration Testing - A Hands-on Introduction to Hacking
✑ HTB Official Writeups
=================