PT0-003 Exam Dumps - CompTIA PenTest+ Exam

A DNS zone transfer attack occurs when a misconfigured DNS server allows attackers to retrieve the entire DNS record set.

Zone transfer (Option A):

The command host -t axfr domain.com dnsl.domain.com requests an AXFR (authoritative transfer) of the DNS records.

This provides subdomains, email servers, and internal DNS records, which attackers can use for reconnaissance.

The tester is conducting a phishing attack by cloning the company's login page to steal employee credentials.

Option A (BeEF) ❌: BeEF is used for browser exploitation, not phishing.

Option B (theHarvester) ❌: Used for OSINT, gathering emails, but does not conduct phishing attacks.

Option C (SET - Social Engineering Toolkit) ✅: Correct.

SET allows testers to clone web pages and perform phishing attacks.

Option D (GoPhish) ❌: GoPhish is a phishing simulation tool, but SET is specifically designed for credential harvesting.

📖 Reference: CompTIA PenTest+ PT0-003 Official Guide – Social Engineering & Phishing Attacks

Dynamic Application Security Testing (DAST):

Definition: DAST involves testing the application in its running state to identify vulnerabilities that could be exploited by an attacker.

Purpose: Simulates attacks on a live application, examining how it behaves and identifying security weaknesses.

ZAP (Zed Attack Proxy):

Description: An open-source DAST tool developed by OWASP.

Features: Capable of scanning web applications for vulnerabilities, including SQL injection, XSS, CSRF, and other common web application vulnerabilities.

Usage: Ideal for dynamic testing as it interacts with the live application and identifies vulnerabilities that may not be visible in static code analysis.

Other Tools:

Mimikatz: Used for post-exploitation activities, specifically credential dumping on Windows systems.

OllyDbg: A debugger used for reverse engineering and static analysis of binary files, not suitable for dynamic testing.

SonarQube: A static code analysis tool used for SAST (Static Application Security Testing), not for dynamic testing.

Pentest References:

Web Application Security Testing: Utilizing DAST tools like ZAP to dynamically test and find vulnerabilities in running web applications.

OWASP Tools: Leveraging open-source tools recommended by OWASP for comprehensive security testing.

By using ZAP, the penetration tester can perform dynamic testing to identify runtime vulnerabilities in web applications, extending the scope of the vulnerability search.

=================

To break the key for a Wi-Fi network that uses WPA2 encryption, the penetration tester should use the KRACK (Key Reinstallation Attack) attack.

KRACK (Key Reinstallation Attack):

Definition: KRACK is a vulnerability in the WPA2 protocol that allows attackers to decrypt and potentially inject packets into a Wi-Fi network by manipulating and replaying cryptographic handshake messages.

Impact: This attack exploits flaws in the WPA2 handshake process, allowing an attacker to break the encryption and gain access to the network.

Other Attacks:

ChopChop: Targets WEP encryption, not WPA2.

Replay: Involves capturing and replaying packets to create effects such as duplicating transactions; it does not break WPA2 encryption.

Initialization Vector (IV): Related to weaknesses in WEP, not WPA2.

Pentest References:

Wireless Security: Understanding vulnerabilities in Wi-Fi encryption protocols, such as WPA2, and how they can be exploited.

KRACK Attack: A significant vulnerability in WPA2 that requires specific techniques to exploit.

By using the KRACK attack, the penetration tester can break WPA2 encryption and gain unauthorized access to the Wi-Fi network.

Top of Form

Bottom of Form

=================

IAM (Identity and Access Management) credentials are used to control and manage access to cloud services and resources. When a penetration tester obtains IAM credentials, especially those with administrative privileges, they can perform high-level operations such as provisioning services, modifying configurations, or accessing sensitive data across the cloud environment.

SSH keys would only grant access to a specific instance, not cloud-wide services.

Cloud storage credentials are limited to storage access, not administrative capabilities.

Temporary security credentials (STS) provide limited-time access and are not typically used for broad administrative tasks.