PT0-003 Online Practice Questions and Answers

Correct Answer: B

When traditional reconnaissance methods are blocked, scanning code repositories is an effective method to gather information. Here's why:

Code Repository Scanning:

Comparison with Other Methods:

Scanning code repositories allows gathering a wide range of information that can be critical for further penetration testing effort

Correct Answer: C

A rootkit is a type of malicious software designed to provide an attacker with unauthorized access to a computer system while concealing its presence. Rootkits achieve this by modifying the host's operating system or other software to hide

their existence, allowing the attacker to maintain control over the system without detection.

Definition and Purpose:

Mechanisms of Action:

Detection and Prevention:

Real-World Examples:

References from Pentesting Literature:

Step-by-Step ExplanationReferences:

Penetration Testing - A Hands-on Introduction to Hacking HTB Official Writeups on sophisticated attacks

Correct Answer: D

Metadata services in cloud environments provide information about the configuration and instance details, including sensitive data used during the initialization of virtual machines. Attackers can access this information to exploit and gain

unauthorized access.

Understanding Metadata Services:

Common Information Exposed:

Security Risks:

Best Practices:

References from Pentesting Literature:

Step-by-Step ExplanationReferences:

Penetration Testing - A Hands-on Introduction to Hacking HTB Official Writeups

Correct Answer: D

The command find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null is used to find files with the SUID bit set. SUID (Set User ID) permissions allow a file to be executed with the permissions of the file owner (root), rather than the

permissions of the user running the file.

Understanding the Command:

Purpose:

Why Enumerate Permissions:

References from Pentesting Literature:

Step-by-Step ExplanationReferences:

Penetration Testing - A Hands-on Introduction to Hacking HTB Official Writeups

Correct Answer: C

To collect information over the network, especially during an internal assessment, tools that can capture and analyze network traffic are essential. Responder is specifically designed for this purpose, and it can capture NTLM hashes and other

credentials by poisoning various network protocols. Here's a breakdown of the options:

Option A: ntlmrelayx.py -t 192.168.1.0/24 -1 1234 Option B: nc -tulpn 1234 192.168.1.2

Option C: responder.py -I eth0 -wP

Option D: crackmapexec smb 192.168.1.0/24

References from Pentest:

Anubis HTB: Highlights the use of Responder to capture network credentials and hashes during internal assessments.

Horizontall HTB: Demonstrates the effectiveness of Responder in capturing and analyzing network traffic for further exploitation.

Correct Answer: D

Given that the penetration tester has already obtained an internal foothold on the target network, the next logical step to achieve the objective of collecting confidential information and potentially exfiltrating data or performing a ransomware

attack is to perform credential dumping. Here's why:

Credential Dumping:

Comparison with Other Options:

Performing credential dumping is the most effective next step to escalate privileges and access sensitive data, making it the best choice.

Correct Answer: B

Correct Answer: C

The best option for the tester to take is to notify the client about the firewall. The firewall is not part of the original list of IP addresses for the engagement, which means it is out of scope and should not be tested without permission. The tester should inform the client about the existence and potential risks of the firewall, and ask if they want to include it in the scope or not.

Correct Answer: A

Social media scraping involves collecting information from social media platforms where employees might share their roles, responsibilities, and professional affiliations. This method can reveal detailed insights into the organizational structure, key personnel, and specific job functions within the target organization, making it an invaluable tool for understanding the company's internal landscape without alerting the target to the reconnaissance activities.

Correct Answer: A

When a penetration tester captures screen images that include hashes from a domain controller, obscuring parts of these images before saving is crucial to maintain the confidentiality of sensitive data. Hashes can be considered sensitive information as they represent a form of digital identity for users within an organization. Revealing these hashes in full could lead to unauthorized access if the hashes were to be cracked or otherwise misused by malicious actors. By partially obscuring the images, the penetration tester ensures that the data remains confidential and reduces the risk of compromising user accounts and the integrity of the organization's security posture.