A penetration tester exploited a vulnerability on a server and remotely ran a payload to gain a shell. However, a connection was not established, and no errors were shown on the payload execution. The penetration tester suspected that a network device, like an IPS or next-generation firewall, was dropping the connection. Which of the following payloads are MOST likely to establish a shell successfully?

• A.windows/x64/meterpreter/reverse_tcp
• B.windows/x64/meterpreter/reverse_http
• C.windows/x64/shell_reverse_tcp
• D.windows/x64/powershell_reverse_tcp
• E.windows/x64/meterpreter/reverse_https

Comment: *

Name: *

Email: *

Verification: *

A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company's web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

• A.Zone transfers
• B.Internet search engines
• C.IP addresses and subdomains
• D.DNS forward and reverse lookups
• E.Externally facing open ports
• F.Shodan results

Comment: *

Name: *

Email: *

Verification: *

A penetration tester is performing reconnaissance for a web application assessment. Upon investigation, the tester reviews the robots.txt file for items of interest.
INSTRUCTIONS
Select the tool the penetration tester should use for further investigation.
Select the two entries in the robots.txt file that the penetration tester should recommend for removal.

Correct Answer:

Explanation:
The tool that the penetration tester should use for further investigation is WPScan. This is because WPScan is a WordPress vulnerability scanner that can detect common WordPress security issues, such as weak passwords, outdated plugins, and misconfigured settings. WPScan can also enumerate WordPress users, themes, and plugins from the robots.txt file.
The two entries in the robots.txt file that the penetration tester should recommend for removal are:
* Allow: /admin
* Allow: /wp-admin
These entries expose the WordPress admin panel, which can be a target for brute-force attacks, SQL injection, and other exploits. Removing these entries can help prevent unauthorized access to the web application's backend. Alternatively, the penetration tester can suggest renaming the admin panel to a less obvious name, or adding authentication methods such as two-factor authentication or IP whitelisting.

Comment: *

Name: *

Email: *

Verification: *

A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
Have a full TCP connection
Send a "hello" payload
Walt for a response
Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?

• A.Run nmap -Pn -sV -script vuln <IP address>.
• B.Employ an OpenVAS simple scan against the TCP port of the host.
• C.Create a script in the Lua language and use it with NSE.
• D.Perform a credentialed scan with Nessus.

Comment: *

Name: *

Email: *

Verification: *

A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection available at their desks. Which of the following is the BEST method available to pivot and gain additional access to the network?

• A.Set up a captive portal with embedded malicious code.
• B.Capture handshakes from wireless clients to crack.
• C.Span deauthentication packets to the wireless clients.
• D.Set up another access point and perform an evil twin attack.

Comment: *

Name: *

Email: *

Verification: *