Exam GPEN All QuestionsBrowse all questions from this exam
Go to Exam
Question 13

Analyze the command output below. Given this information, which is the appropriate next step for the tester?

Starting Nmap4.53 (hnp://insecure.org I at2010-09-30 19:13 EDT interesting ports on 192.163.116.101:

PORT STATE SERVICE -

130/tcp filtered cisco-fna

131/tcp filtered cisco-tna

132/tcp filtered cisco-sys

133/tcp filtered statsrv

134/tcp filtered Ingres-net

135/tcp filtered msrpc

136/tcp filtered profile

137/tcp filtered netbios-ns

138/tcp filtered netbios-dgm

139/tcp open netbios-ssn

140/tcp filtered emfis-data

MAC Address: 00:30:1&:B8:14:8B (Shuttle)

warning: OSS can results may be unreliable because we could not find at least l open and l closed port

Device type, general purpose -

Running: Microsoft Windows XP -

OS details: Microsoft Windows XP SP2

Network Distance : 1 hop -

Nmap done: I IP address (I host up) scanned in l .263 seconds

    Correct Answer: D

    Given that port 139/tcp is open and running the netbios-ssn service, the appropriate next step would be to request a list of shares from the scanned host. This is because the CIFS service, associated with file sharing, typically runs on this port. There is no need to send another SYN packet as the port is already confirmed to be open.

Discussion
devnullOption: D

I think D is correct. In 139/tcp, it is expected that the CIFS service is running. We should query this for the list of shares. We already know that 139/tcp is open, so there is no need to send another SYN packet.

awfadwafOption: D

should be D