🔥 3-day streak
CompTIA PenTest+ (PT0-003)37 / 175
Question 37 of 175
During an internal engagement, you have anonymous (null session) access to a Windows Server that appears to be a domain member. You need to enumerate valid domain user accounts to build a target list for later password spraying. RestrictAnonymous is set such that direct user listing via a null session returns no results, but you can still query the SAM/LSA over SMB. Which technique is MOST likely to yield a list of valid domain usernames in this situation?
Reviewed for accuracy · Report an issueNext question