Which of the following command sequences should the penetration tester try NEXT?

autonumA penetration tester runs a scan against a server and obtains the following output:

21/tcp open ftp Microsoft ftpd

| ftp-anon: Anonymous FTP login allowed (FTP code 230)

| 03-12-20 09:23AM 331 index.aspx

| ftp-syst:

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn

445/tcp open microsoft-ds Microsoft Windows Server 2012 Std

3389/tcp open ssl/ms-wbt-server

| rdp-ntlm-info:

| Target Name: WEB3

| NetBIOS_Computer_Name: WEB3

| Product_Version: 6.3.9600

|_ System_Time: 2021-01-15T11:32:06+00:00

8443/tcp open http Microsoft IIS httpd 8.5

| http-methods:

|_ Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/8.5

|_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?
A . ftp 192.168.53.23
B . smbclient \\WEB3\IPC$ -I 192.168.53.23 CU guest
C . ncrack Cu Administrator CP 15worst_passwords.txt Cp rdp 192.168.53.23
D . curl CX TRACE https://192.168.53.23:8443/index.aspx
E . nmap C-script vuln CsV 192.168.53.23

View Answer

Answer: A