Questions tagged [pass-the-hash]

In cryptanalysis and computer security, pass the hash is a hacking technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case.

After an attacker obtains a valid user name and the corresponding password hash (by whatever method or tool), they can use that information to authenticate to a remote server or service using LM or NTLM authentication, without needing to brute-force the hash to recover the cleartext password (as was required before this technique was published). The attack exploits an implementation weakness in the authentication protocol, where the password hash remains static from session to session until the password is next changed.

This technique can be performed against any server or service accepting LM or NTLM authentication, whether it runs on a machine with Windows, Unix, or any other operating system.

7 questions
9 votes, 3 answers

How to pass hash as password to ssh server

I have a hashed password $6$salt$hash. I want to SSH to a Linux server with this hash. How could I do that? Do I need to change the cipher spec? Is that possible?
user203988
3 votes, 0 answers

How does local pass-the-hash (mimikatz's sekurlsa::pth) work?

Mimikatz's sekurlsa::pth documentation states: mimikatz can perform the well-known operation 'Pass-The-Hash' to run a process under another credentials with NTLM hash of the user's password, instead of its real password. For this, it starts a…
Nico
1 vote, 1 answer

Is it possible to make a Pass-The-Hash attack with Responder?

The tool Responder, written in Python, makes it possible to listen for requests on a specific network card and automatically poison victims to steal NTLMv1 and NTLMv2 hashes. The Pass-The-Hash attack makes it possible to connect to a service like SMB. I am a little…
1 vote, 0 answers

Remote access to Windows Workstation with credentials, after Windows 10 - 1809

I am a newbie in terms of OS security and I started learning from Windows; in particular, I downloaded a Win10 virtual machine and I am simulating various attack / defense scenarios on it. I would like to understand if, knowing the Windows credentials…
0 votes, 0 answers

Unable to access psexec resource using pass the hash (mimikatz+meterpreter)

Here is setup Machine 2 logged in as user2 share folder access granted to user3 Machine 3 logged in as user3 Machine 1 (server1.hacklab.local) domain administrator Here are the commands I used use exploit/windows/smb/psexec set rhost…
Saladin
0 votes, 1 answer

How to overcome MD4 hashing in SAMBA

We are using a Samba configuration on our RedHat (RHEL7.9) systems, where SMB authentication is based on an NTLM password hash, which is basically a clear-text credential for a challenge-response authentication that is stored in a separate…
Karn Kumar
0 votes, 1 answer

Is this Wikipedia article about SCRAM wrong?

At my Company, we put a honeypot in our network and it raised us the Lansweeper SSH password used to connect to the scanned assets (and it is reusable over many boxes...). So it is a way for an attacker to get sensitive passwords in a corporate…
Sibwara