During an internal penetration test you compromise a Windows workstation and, with Responder, capture the domain administrator's NTLMv2 hash over SMB. Cracking the hash is unlikely to succeed before the engagement ends, but the environment still allows NTLM authentication. Which technique will let you open an interactive shell on another domain-joined server without first recovering the clear-text password?
Forge a Golden Ticket for the administrator by generating a counterfeit krbtgt ticket and injecting it into your session.
Use a pass-the-hash attack with an SMB execution tool such as Impacket's psexec.py to authenticate using the captured NTLM hash.
Request and crack the administrator's service tickets through Kerberoasting, then reuse the recovered keys to log in.
Conduct a password-spraying campaign across domain hosts with the administrator username and a shortlist of common passwords.
A pass-the-hash attack lets you authenticate to an SMB service by presenting the captured NTLMv2 hash in place of the real password. Tools such as Impacket's psexec.py (or smbexec.py) perform the NTLM challenge-response with the supplied hash, create a service on the remote host, and return a SYSTEM-level shell. Password spraying requires plaintext guesses, Kerberoasting focuses on cracking service-account keys from Kerberos tickets rather than giving immediate access, and forging a Golden Ticket needs the krbtgt account's password hash, not just one administrator's NTLM hash.
Certified Ethical Hacker (CEH)
System Hacking Phases and Attack Techniques