In a pass-the-hash scenario, what credential is used to authenticate without providing plaintext passwords?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

In a pass-the-hash scenario, what credential is used to authenticate without providing plaintext passwords?

Explanation:
In a pass-the-hash scenario, authentication is performed using the NT hash rather than a plaintext password. The NT hash is Windows’ password-derived credential used in NTLM authentication. If an attacker obtains this hash, they can present it to a remote service to prove knowledge of the password without ever sending or revealing the plaintext. This enables access and potential lateral movement with the same rights as the original user, provided the hash corresponds to an account with those privileges. The other options don’t fit because they either involve using plaintext credentials, reusing someone else’s credentials in a non-hash form, or offline cracking, none of which describe the credentials used in pass-the-hash.
