Which of the following describes the technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LanMan hash of a user's password, instead of requiring the actual plaintext password?
Pass the hash (PtH) is a technique where an attacker captures password hashes from one machine and then uses those hashes to authenticate to another machine without requiring the plaintext password. This is possible because certain authentication protocols do not require the original user password, but rather rely on hash values for authentication, enabling attackers to move laterally within the network. Kerberos golden ticket, on the other hand, refers to the compromise of the Kerberos service within Active Directory to grant extensive rights within the infrastructure and is not directly related to authenticating with password hashes. Password spraying and brute force attacks are different attack methods focusing on guessing or cracking passwords. In password spraying, the attacker tries a few commonly used passwords against many accounts, while brute force attacks attempt many passwords against a single account until the correct one is found.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are NTLM and LanMan hashes?
Open an interactive chat with Bash
How does Pass the Hash allow lateral movement in a network?
Open an interactive chat with Bash
What is the difference between Pass the Hash and Kerberos attacks?