What is a pass-the-hash attack?


Pass the hash is a technique that allows an attacker to authenticate to a remote server using the LM and/or NTLM hash of a user’s password, eliminating the need to crack/brute-force the hashes to obtain the clear text password (which is normally used to authenticate).

In the context of NTLM authentication, Windows password hashes are similar to plain text passwords, so rather than trying to crack them offline, hackers can easily use them to obtain unauthorized access.
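Why the hash is password-equivalent, seen from the verifying side. This is an added example, not code from the original article: it follows the NTLMv2 proof computation defined in Microsoft's MS-NLMP specification, where the response key is derived from the NT hash. The account name, domain, hash, challenge and client blob are constructed sample values, and the blob is treated as opaque bytes.

```python
import hmac

def ntowfv2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 response key: HMAC-MD5 keyed by the NT hash over UPPER(user)+domain."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, "md5").digest()

def nt_proof(nt_hash, user, domain, server_challenge, blob):
    """Proof value: HMAC-MD5(response key, server challenge + client blob)."""
    key = ntowfv2(nt_hash, user, domain)
    return hmac.new(key, server_challenge + blob, "md5").digest()

def server_accepts(stored_nt_hash, user, domain, server_challenge, response):
    """Verifier side: recompute the proof from the stored hash and compare."""
    proof, blob = response[:16], response[16:]
    expected = nt_proof(stored_nt_hash, user, domain, server_challenge, blob)
    return hmac.compare_digest(proof, expected)

# Constructed sample values (not real credentials).
STORED_NT_HASH = bytes(range(16))
USER, DOMAIN = "alice", "EXAMPLE"
CHALLENGE = bytes.fromhex("0123456789abcdef")
BLOB = b"constructed-client-blob"  # opaque stand-in for timestamp, nonce, target info

def demo():
    # The proof is a function of the 16-byte hash; no clear-text password is involved.
    response = nt_proof(STORED_NT_HASH, USER, DOMAIN, CHALLENGE, BLOB) + BLOB
    ok = server_accepts(STORED_NT_HASH, USER, DOMAIN, CHALLENGE, response)
    # A different hash, or the same response against a fresh challenge, is rejected.
    wrong_hash = server_accepts(bytes(16), USER, DOMAIN, CHALLENGE, response)
    replayed = server_accepts(STORED_NT_HASH, USER, DOMAIN, bytes(8), response)
    return ok, wrong_hash, replayed

if __name__ == "__main__":
    print(demo())
```

Because the password never enters the computation, a stolen hash stays valid until the account's password, and with it the hash, is changed.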

Hernan Ochoa published methods for performing the pass-the-hash technique natively in Windows by changing, at runtime, the username, domain name, and password hashes stored in memory. The technique enables attackers to pass the hash using Windows native applications like Windows Explorer to access remote shares, administrative tools like Active Directory Users and Computers, and any other Windows native application that uses NTLM authentication.

Ochoa also published a new method to dump NTLM credentials cached in memory by the Windows authentication subsystem. This method dumps credentials including those of users who logged on to a computer remotely and interactively, for example over RDP.

The method has become very popular among pen testers and hackers because it can enable the compromise of an entire Windows domain after a single computer has been compromised.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
