During a security assessment, a penetration tester uses a tool to capture plaintext log-in credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access. Which of the following tools is the tester using?
Correct Answer: B
Wireshark is a network packet analyzer used to capture and analyze network traffic in real-time. During a penetration test, it is often used to inspect unencrypted communication to extract sensitive information like plaintext login credentials. Here's how it works:
* Packet Capturing:Wireshark captures the network packets transmitted over a network interface. If a user logs in through an insecure communication protocol (e.g., HTTP, FTP, or Telnet), the credentials are transmitted in plaintext.
* Traffic Filtering:Using filters (e.g., http, tcp.port == 21), the tester narrows down the relevant traffic to locate the login request and response packets.
* Sensitive Data Extraction:Analyzing the captured packets reveals plaintext credentials in the data payload, such as in HTTP POST requests.
* Exploit the Information:After extracting the plaintext credentials, the tester can attempt unauthorized access to resources using these credentials.
CompTIA Pentest+ References:
* Domain 1.0 (Planning and Scoping)
* Domain 2.0 (Information Gathering and Vulnerability Identification)
* Wireshark Usage Guide