With one day left to complete the testing phase of an engagement, a penetration tester obtains the following results from an Nmap scan:
Not shown: 1670 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.3 (CentOS)
3306/tcp open mysql MySQL (unauthorized)
8888/tcp open http lighttpd 1.4.32
Which of the following tools should the tester use to quickly identify a potential attack path?
Correct Answer: B
* SearchSploit is the command-line front end to the offline Exploit-DB mirror. It searches exploit titles by product name and version, so it returns candidate exploits in seconds without a network connection.
* The scan gives two concrete banners, Apache httpd 2.2.3 and lighttpd 1.4.32, which can be fed straight to SearchSploit; MySQL is only shown as "(unauthorized)" because the host refused the version probe, so there is no version to search on. With one day left, looking up known exploits for the two versioned services is the fastest way to find a likely attack path.
* Caveat: a SearchSploit hit is a candidate, not a confirmed vulnerability. Distribution packages often backport fixes without changing the banner (CentOS shipped Apache 2.2.3 with backported patches for years), so any exploit found still has to be validated against the target.
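The following shell script is an added example, not part of the original question or of CompTIA's materials. It takes a constructed copy of the scan output above, extracts the services that actually have a version string (dropping the unauthorized MySQL line), and runs one SearchSploit title query per service if the tool is installed. The helper names `nmap_to_queries` and `run_searchsploit` are assumptions made for this example; `searchsploit -t` (title-only search) is a real flag of the tool.

```shell
#!/bin/sh
# Constructed copy of the Nmap output from the question (example data).
NMAP_OUT='PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.3 (CentOS)
3306/tcp open mysql MySQL (unauthorized)
8888/tcp open http lighttpd 1.4.32'

# nmap_to_queries: print one "product version" query per open port whose
# VERSION column contains a dotted version number. Ports with no version
# (e.g. "MySQL (unauthorized)") are skipped: there is nothing to search on.
nmap_to_queries() {
  printf '%s\n' "$1" | awk '
    NR == 1 { next }                         # skip the header line
    $2 == "open" {
      product = tolower($4)                  # first word of VERSION column
      ver = ""
      for (i = 5; i <= NF; i++)              # first dotted number after it
        if ($i ~ /^[0-9]+\.[0-9]/) { ver = $i; break }
      if (ver == "") next
      print product " " ver
    }'
}

# run_searchsploit: run a title-only SearchSploit query for each service.
# Returns 1 if searchsploit is not on PATH so callers can fall back.
run_searchsploit() {
  command -v searchsploit >/dev/null 2>&1 || {
    printf 'searchsploit not found; install exploitdb first\n' >&2
    return 1
  }
  nmap_to_queries "$1" | while read -r product ver; do
    printf '== %s %s ==\n' "$product" "$ver"
    searchsploit -t "$product" "$ver"
  done
}

# Stand-alone run: always show the queries, search only if the tool exists.
nmap_to_queries "$NMAP_OUT"
if command -v searchsploit >/dev/null 2>&1; then
  run_searchsploit "$NMAP_OUT"
fi
```

The parsing step is deliberately strict about requiring a dotted version number: querying SearchSploit for a bare product name such as "mysql" returns hundreds of unrelated entries and wastes exactly the time the tester does not have. Once a candidate appears, `searchsploit -x <path>` lets you read the exploit source before deciding whether it applies to the CentOS build.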
Other tools:
* msfvenom: generates and encodes payloads; it does not search for vulnerabilities.
* sqlmap: automates SQL injection detection and exploitation against web applications. It needs an injectable parameter to test, so it only becomes useful after a web entry point has been identified.
* BeEF: Browser Exploitation Framework, used to hook and control client browsers; it does not address the server-side services found in this scan.
CompTIA PenTest+ Reference:
* PT0-003 Objective 2.2 & 2.5: Exploit and identify attack paths.
* SearchSploit and Exploit-DB usage are recommended tools in CompTIA's resources.