CompTIA Updated PT0-003 Exam Questions and Answers by izhaan

To avoid triggering IDS/IPS alerts, the attacker should use offline cracking on compromised hashes rather than direct brute-force attempts.

Crack user accounts using compromised hashes (Option A):

Hashes can be cracked offline using tools like Hashcat or John the Ripper.

No direct login attempts, avoiding detection by security systems.

La técnica utilizada en este escenario es Shoulder Surfing, que consiste en observar directamente a una persona mientras trabaja, con el objetivo de recopilar información sensible, como credenciales, direcciones URL internas u otros datos confidenciales.

En este caso, el pentester siguió a los miembros del equipo DevOps durante sus desplazamientos (commute) y logró identificar una URL interna. No se usó ingeniería social directa (como en spear phishing), ni acceso físico no autorizado (como en tailgating), ni revisión de basura (dumpster diving).

Referencia: PT0-003 Objective 2.1 - Explain the importance of physical security assessments. Shoulder surfing is listed as a key social engineering technique.

Cross-Site Scripting (XSS) is an attack that involves injecting malicious scripts into web pages viewed by other users. Here’s why option C is correct:

XSS (Cross-Site Scripting): This attack involves injecting JavaScript into a web application, which is then executed by the user’s browser. The scenario describes injecting a JavaScript prompt, which is a typical XSS payload.

SQL Injection: This involves injecting SQL commands to manipulate the database and does not relate to JavaScript injection.

SSRF (Server-Side Request Forgery): This attack tricks the server into making requests to unintended locations, which is not related to client-side JavaScript execution.

Server-Side Template Injection: This involves injecting code into server-side templates, not JavaScript that executes in the user’s browser.

References from Pentest:

Horizontall HTB: Demonstrates identifying and exploiting XSS vulnerabilities in web applications​​.

Luke HTB: Highlights the process of testing for XSS by injecting scripts and observing their execution in the browser​​.

======

Dnsenum is a tool specifically designed to gather information about DNS, including domain structure and associated IP addresses. Here’s why option A is correct:

Dnsenum: This tool is used for DNS enumeration and can gather information about a domain’s DNS records, subdomains, IP addresses, and other related information. It is highly effective for mapping out a target network’s domain structure.

Nmap: While a versatile network scanning tool, Nmap is more focused on port scanning and service detection rather than detailed DNS enumeration.

Netcat: This is a network utility for reading and writing data across network connections, not for DNS enumeration.

Wireshark: This is a network protocol analyzer used for capturing and analyzing network traffic but not specifically for gathering DNS information.

References from Pentest:

Anubis HTB: Shows the importance of using DNS enumeration tools like Dnsenum to gather detailed information about the target’s domain structure​​.

Forge HTB: Demonstrates the process of using specialized tools to collect DNS and IP information efficiently​​.

======