The goal is to collect information transmitted over the network during an internal assessment.
C. responder.py -I eth0 -wP
Responder is a widely used tool for LLMNR/NBT-NS poisoning and network credential capture.
By listening on the network interface (-I eth0), it can intercept authentication requests, capture hashes, and perform MITM attacks.
This directly aligns with network information gathering and interception.
Why not the others?
A. ntlmrelayx.py: Used for relaying captured NTLM hashes to another target, but it doesn’t collect the data directly. It is typically used after Responder has captured credentials.
B. nc -tulpn: Netcat with -tulpn is for listening/port binding, not for capturing network authentication broadcasts.
D. crackmapexec smb: SMB enumeration/exploitation tool, useful once credentials are known, but not for collecting transmitted data.
CompTIA PT0-003 Objective Mapping:
Domain 2.0: Information Gathering and Vulnerability Scanning
2.3: Given a scenario, gather information by leveraging tools (e.g., Responder for network-based credential capture).