Pass-the-ticket attacks exploit which authentication mechanism by using tickets in memory?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

Pass-the-ticket attacks exploit which authentication mechanism by using tickets in memory?

Explanation:
Pass-the-ticket attacks exploit Kerberos, the ticket-based authentication method used in Windows domains. In Kerberos, after a user logs in, a Ticket Granting Ticket (and later service tickets) are issued and held in memory. An attacker who can dump or access those in-memory tickets can reuse them to authenticate as that user to other services without needing the user’s password. This re-use of valid tickets is the essence of pass-the-ticket. NTLM doesn’t use tickets—it's a challenge-response mechanism. SSH keys are a key-based authentication method, not tickets. OAuth uses tokens in a web-based flow, not Kerberos tickets.

Pass-the-ticket attacks exploit Kerberos, the ticket-based authentication method used in Windows domains. In Kerberos, after a user logs in, a Ticket Granting Ticket (and later service tickets) are issued and held in memory. An attacker who can dump or access those in-memory tickets can reuse them to authenticate as that user to other services without needing the user’s password. This re-use of valid tickets is the essence of pass-the-ticket.

NTLM doesn’t use tickets—it's a challenge-response mechanism. SSH keys are a key-based authentication method, not tickets. OAuth uses tokens in a web-based flow, not Kerberos tickets.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy