During an internal penetration test you gain a SYSTEM shell on a Windows Server 2019 member of an Active Directory domain. Running mimikatz.exe "sekurlsa::logonpasswords" reveals the NTLM hash of a domain administrator. Several file servers in the same subnet have SMB signing disabled. Which technique will let you immediately access those servers without knowing the clear-text password?
Launch an LLMNR/NBT-NS poisoning attack from the compromised host to capture additional network hashes.
Use Mimikatz to perform a pass-the-hash attack with the administrator's NTLM hash and open an SMB session to the file servers.
Forge a Golden Ticket using the captured hash to generate a long-lived Kerberos ticket granting unlimited domain access.
Run RID cycling against the domain controller to discover other privileged account SIDs and attempt brute-force logins.
With the NTLM hash of a domain administrator already in hand, the quickest way to move laterally is a pass-the-hash (PtH) attack. Using Mimikatz's sekurlsa::pth (or a similar tool) you can create a new process that authenticates to SMB services by presenting the captured NTLM hash instead of the clear-text password. Because SMB signing is disabled on the target file servers, the hash can be replayed without being rejected.
The other options do not provide the same direct, immediate access:
RID cycling only enumerates additional SIDs; it does not grant logon privileges.
LLMNR/NBT-NS poisoning is a credential interception technique, not a method for reusing an already obtained hash.
A Golden Ticket attack requires the krbtgt key, not a user's NTLM hash, and is unnecessary when a valid domain admin hash is available.
Certified Ethical Hacker (CEH)
System Hacking Phases and Attack Techniques