During a penetration test, you have gained access to a Windows server and extracted NTLM hash values from the Security Account Manager (SAM) file. Which of the following tools or methods would you use to leverage these hash values to authenticate to another server without cracking the passwords?
The answer is 'Pass-the-Hash Toolkit' because it is designed to use hash values to authenticate to another system using the extracted NTLM or LM hash directly, bypassing the need for the actual plaintext password, which is consistent with the pass-the-hash attack method. 'John the Ripper' is a password cracking tool mainly used for cracking hashes offline, not for authentication with hashes. 'Password spraying' is an attack method that attempts to log in to many accounts with a few commonly used passwords. 'Rainbow tables' are precomputed tables for reversing cryptographic hash functions, mainly used for cracking password hashes, not for pass-the-hash attacks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Pass-the-Hash Toolkit?
Open an interactive chat with Bash
What are NTLM hashes and why are they significant?