In a penetration testing scenario, you captured encrypted traffic between a client and a server using Wireshark. You identified the protocol as being SSH. You then used Nmap to identify the version of the SSH server and discovered it was vulnerable to a specific brute-force attack. Using Hydra, you attempted to exploit this vulnerability. Considering this flow, which of the following sequences of filters or commands is most likely accurate?

Question

BlackTom AI · Accepted Answer

First, let's restate the scenario: you captured traffic that was SSH, used Nmap to determine the SSH service version on port 22, and then attempted a brute-force using Hydra with a username list and a password list. We want the sequence of filters/commands that aligns with this flow.
Option 1: Wireshark: tcp.port == 22, Nmap: -p 22 -sV target_IP, Hydra: -l username -P passlist.txt ssh://target_IP
- This matches the described steps precisely: filter for SSH traffic on port 22 in Wireshark, probe port 22 with Nmap and enable version detection (-sV), and run Hydra against SSH using a username list (-l) and a password list (-P). The protocol, port, and targets are consistent with SSH on port 22.
Option 2: Wireshark: ssh.request, Nmap: -p 22 --version-light target_IP, Hydra: -l username -p password ssh://target_IP
- Problems: ssh.request is not a standard Wireshark filter; it’s not a reliable or typical capture filter term. The Nmap option --version-light is a minor version probe, which is plausible, but the Hydra syntax here uses -p password, which is incorrect (Hydra uses -P for a password list, not a single -p). Overall, this option deviates from the stated flow and contains syntax issues.
Option 3: Wireshark: tcp.dstport == 23, Nmap: -p 22 -A target_IP, Hydra: -l username -P passlist.txt sftp://target_IP
- Mismatch here: SSH typically uses port 22 by default; filtering on dst port 23 suggests SSH as well as SSH is not being targeted correctly. The Nmap -A flag enables aggressive scans, which could reveal service info but does not reflect the explicit -sV step described. Also, Hydra being applied to sftp (SFTP) is a different protocol than SSH (even though SFTP runs over SSH), and the command line shows protocol mismatch. Overall this diverges from the described SSH flow.
Option 4: Wireshark: protocol == SSH, Nmap: -p 21 -sV target_IP, Hydra: -u username -list passlist.txt -service ssh target_IP
- Here, SSH is correctly identified as a protocol, but port 21 is for FTP, not SSH, which indicates a port mismatch. The Hydra syntax uses -u and -list, which does not align with Hydra’s standard options (-l for login/user and -P for password list). The -service ssh is nonstandard in Hydra usage. This option introduces multiple incorrect details about ports and Hydra flags.
In summary, Option 1 is the only choice that faithfully replicates the described workflow: SSH on port 22, with Nmap version detection and Hydra brute-forcing using a username list and a password list against ssh://target_IP.

类似问题

What precautionary measure should be taken by penetration testers to ensure they have the legal right to conduct their tests on a particular computer or network?

When pivoting from a compromised node to a target node, only port 80 can be attacked

What are the most complete general steps taken to attack any networked device?

What is difference between vulnerability assessment and penetration testing?

You should enumerate recommended mitigations or next steps in this section of a formal Penetration Test Report.

This section of a formal Penetration Test Report defines the restrictions on the aggressiveness of a penetration test, describes the methods that a pen tester will use to reach a target, and provides a list of the planned/executed tests.

A is limited to the scanning and enumeration phase of the cyber kill chain, while a encompasses the full kill chain.

How did Egyptian culture and governance change during the Ptolemaic period compared to the pharaonic period?

更多留学生实用工具

智能学习助手

风格化写作助手

论文查重助手

文献引用助手

课堂转译助手

课堂笔记助手

Quiz搜索助手

学校历年真题

智能刷题助手

智能匹配练习

希望你的学习变得更简单