Meow's CyberAttack - Application/Server Attacks - Pass the Hash

• Meow’s CyberAttack - Application/Server Attacks - Pass the Hash
  • Pass the Hash

book:

• S+ 7th ch9

---

Meow’s CyberAttack - Application/Server Attacks - Pass the Hash

---

Pass the Hash

• This attack takes advantage of a weakness in the authentication protocol (NTLM and LanMan)
  • in which the password hash remains static from session to session until the password is changed .
  • Attacker send an authenticated copy of the password hash value (along with a valid username) and authenticate to any remote server (Windows, Unix…) that is accepting LM or NTLM authentication.
  • Solution: Disable NTLM