I am going to be performing an internal pentest. Is it possible to sniff Active Directory credentials using Wireshark or Ettercap when a user logs on and authenticates using their domain credentials?
1 Answer
1
Provided a server is involved in the authentication process, yes, it is possible to sniff the login credentials.

Joe
- The server would be a Windows domain controller. Does Microsoft encrypt the password before sending it to the domain controller? – okhan May 12 '17 at 13:25
- Yes, the password will be encrypted with AES-128 encryption. – Joe May 12 '17 at 13:33
- Thank you so much for your time in answering my question. Also, would I be able to capture this password and maybe replay it, like a pass the hash? It seems kind of pointless to encrypt the password if data can be sent in ciphertext. – okhan May 15 '17 at 17:53
- Yes, I believe it is possible for a pass the hash attack to be done in this way. – Joe May 15 '17 at 18:02