CompTIA Exam PT0-003 Topic 3 Question 16 Discussion

Actual exam question for CompTIA's PT0-003 exam

Question #: 16
Topic #: 3

A penetration tester wants to maintain access to a compromised system after a reboot. Which of the following techniques would be best for the tester to use?

AEstablishing a reverse shell

BExecuting a process injection attack

CCreating a scheduled task

DPerforming a credential-dumping attack

Show Suggested Answer

Suggested Answer: A

Capabilities: BeEF is equipped with modules to create CSRF attacks, capture session tokens, and gather sensitive information from the target user's browser session.

Drawbacks: While useful for reconnaissance, Maltego is not designed for exploiting web vulnerabilities like CSRF.

Metasploit (Option C):

Capabilities: While Metasploit can exploit some web vulnerabilities, it is not specifically tailored for CSRF attacks as effectively as BeEF.

Drawbacks: It does not provide capabilities for exploiting CSRF vulnerabilities.

Conclusion: The Browser Exploitation Framework (BeEF) is the most suitable tool for leveraging a CSRF vulnerability to gather sensitive details from an application's end users. It is specifically designed for browser-based exploitation, making it the best choice for this task.

Maltego (Option B):

theHarvester (Option D):

by Stephanie at Dec 09, 2024, 05:08 AM

Limited Time Offer

25%

Off

Get Premium PT0-003 Questions as Interactive Web-Based Practice Test or PDF