In a penetration testing scenario, you captured encrypted traffic between a client and a server using Wireshark. You identified the protocol as being SSH. You then used Nmap to identify the version of the SSH server and discovered it was vulnerable to a specific brute-force attack. Using Hydra, you attempted to exploit this vulnerability. Considering this flow, which of the following sequences of filters or commands is most likely accurate?

Question

BlackTom AI · Accepted Answer

First, let's restate the scenario: you captured traffic that was SSH, used Nmap to determine the SSH service version on port 22, and then attempted a brute-force using Hydra with a username list and a password list. We want the sequence of filters/commands that aligns with this flow.
Option 1: Wireshark: tcp.port == 22, Nmap: -p 22 -sV target_IP, Hydra: -l username -P passlist.txt ssh://target_IP
- This matches the described steps precisely: filter for SSH traffic on port 22 in Wireshark, probe port 22 with Nmap and enable version detection (-sV), and run Hydra against SSH using a username list (-l) and a password list (-P). The protocol, port, and targets are consistent with SSH on port 22.
Option 2: Wireshark: ssh.request, Nmap: -p 22 --version-light target_IP, Hydra: -l username -p password ssh://target_IP
- Problems: ssh.request is not a standard Wireshark filter; it’s not a reliable or typical capture filter term. The Nmap option --version-light is a minor version probe, which is plausible, but the Hydra syntax here uses -p password, which is incorrect (Hydra uses -P for a password list, not a single -p). Overall, this option deviates from the stated flow and contains syntax issues.
Option 3: Wireshark: tcp.dstport == 23, Nmap: -p 22 -A target_IP, Hydra: -l username -P passlist.txt sftp://target_IP
- Mismatch here: SSH typically uses port 22 by default; filtering on dst port 23 suggests SSH as well as SSH is not being targeted correctly. The Nmap -A flag enables aggressive scans, which could reveal service info but does not reflect the explicit -sV step described. Also, Hydra being applied to sftp (SFTP) is a different protocol than SSH (even though SFTP runs over SSH), and the command line shows protocol mismatch. Overall this diverges from the described SSH flow.
Option 4: Wireshark: protocol == SSH, Nmap: -p 21 -sV target_IP, Hydra: -u username -list passlist.txt -service ssh target_IP
- Here, SSH is correctly identified as a protocol, but port 21 is for FTP, not SSH, which indicates a port mismatch. The Hydra syntax uses -u and -list, which does not align with Hydra’s standard options (-l for login/user and -P for password list). The -service ssh is nonstandard in Hydra usage. This option introduces multiple incorrect details about ports and Hydra flags.
In summary, Option 1 is the only choice that faithfully replicates the described workflow: SSH on port 22, with Nmap version detection and Hydra brute-forcing using a username list and a password list against ssh://target_IP.

Similar Questions

What precautionary measure should be taken by penetration testers to ensure they have the legal right to conduct their tests on a particular computer or network?

When pivoting from a compromised node to a target node, only port 80 can be attacked

What are the most complete general steps taken to attack any networked device?

What is difference between vulnerability assessment and penetration testing?

You should enumerate recommended mitigations or next steps in this section of a formal Penetration Test Report.

This section of a formal Penetration Test Report defines the restrictions on the aggressiveness of a penetration test, describes the methods that a pen tester will use to reach a target, and provides a list of the planned/executed tests.

A is limited to the scanning and enumeration phase of the cyber kill chain, while a encompasses the full kill chain.

In which security measure will you find anti-virus software?

More Practical Tools for Students Powered by AI Study Helper

Homework AI Solver

Stylized AI Paper Writer

Plagiarism Checker Assistant

Citation AI Academic Writing Tool

In-Class Translation Assistant

AI Note Generator

AI Quiz Answers

Past Exam Questions from University Test Bank

Smart Practice Assistant

Adaptive Practice

Making Your Study Simpler