Pass the Hash is a technique used to authenticate using what?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Pass the Hash is a technique used to authenticate using what?

Explanation:
Pass the Hash relies on using a Windows NTLM credential directly as proof of identity. If an attacker captures the NTLM hash, they can present that hash to a target service and be authenticated as that user without ever knowing the plaintext password. The authentication handshake accepts the hash as the credential, so possession of the hash equals access to resources that accept NTLM authentication, enabling lateral movement and resource access. This isn’t about a one-time password, public-key cryptography, or a nonce used for anti-replay; it’s about using the captured hash itself as the credential.

