Overview#

Pass-the-hash is an attack that allows an attacker to authenticate to a remote Service Provider by using the underlying NTLM (NT LAN Manager) hash of a user's password, instead of the associated plaintext password that is normally required.

After an attacker obtains a valid user name and the corresponding password hash (by whatever methods and tools), they can use that information to authenticate to a remote Service Provider using NT LAN Manager (NTLM) authentication without having to brute-force the hash to recover the plaintext password, as was required before this technique was published.

The pass-the-hash attack exploits an implementation weakness in the authentication protocol: the password hash remains static from session to session until the password is next changed.

This technique can be performed against any server or service accepting LM or NTLM authentication, whether it runs on a machine with Microsoft Windows, UNIX/Linux, or any other Operating System.
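
Because the reused hash produces an ordinary successful NTLM logon, defenders usually look for it in logon telemetry. The following is an added example, not part of the original page: it filters Windows Security event 4624 records for NTLM network logons and applies two heuristics. The events, addresses, the `BASELINE` table and the thresholds are constructed assumptions, and a match is a lead to investigate rather than proof of pass-the-hash.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ev(time, user, src, pkg="NTLM", logon_type=3):
    """Build one constructed record using field names from Security event 4624."""
    return {"EventID": 4624, "Time": time, "LogonType": logon_type,
            "AuthenticationPackageName": pkg, "TargetUserName": user, "IpAddress": src}

# Constructed sample log (not real data).
EVENTS = [
    ev("2017-06-07T09:00:00", "alice", "10.0.0.21", pkg="Kerberos"),
    ev("2017-06-07T09:01:00", "alice", "10.0.0.21"),
    ev("2017-06-07T09:05:00", "bob", "10.0.0.57"),
    ev("2017-06-07T09:06:00", "ANONYMOUS LOGON", "10.0.0.57"),
    ev("2017-06-07T09:07:00", "svc_backup", "10.0.0.57"),
    ev("2017-06-07T09:09:00", "alice", "10.0.0.57"),
]
# Hypothetical baseline: the sources each account normally logs on from.
BASELINE = {"alice": {"10.0.0.21"}, "bob": {"10.0.0.22"}, "svc_backup": {"10.0.0.30"}}

def ntlm_network_logons(events):
    """Yield successful network logons (type 3) made with NTLM by a named user."""
    for e in events:
        user = e["TargetUserName"]
        if (e["EventID"] == 4624 and e["LogonType"] == 3
                and e["AuthenticationPackageName"] == "NTLM"
                and user != "ANONYMOUS LOGON" and not user.endswith("$")):
            yield {**e, "Time": datetime.fromisoformat(e["Time"])}

def flag(events, baseline, max_accounts=2, window=timedelta(minutes=10)):
    """Return findings for NTLM logons that deviate from the baseline."""
    findings, by_source = [], defaultdict(list)
    for e in sorted(ntlm_network_logons(events), key=lambda e: e["Time"]):
        user, src = e["TargetUserName"], e["IpAddress"]
        # Heuristic 1: the account authenticates from a source it never uses.
        if src not in baseline.get(user, set()):
            findings.append(("new-source", user, src))
        # Heuristic 2: one source logs on as many accounts within the window.
        by_source[src].append((e["Time"], user))
        accounts = {u for t, u in by_source[src] if e["Time"] - t <= window}
        if len(accounts) > max_accounts:
            findings.append(("multi-account-source", src, tuple(sorted(accounts))))
    return findings

if __name__ == "__main__":
    for finding in flag(EVENTS, BASELINE):
        print(finding)
```
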

« This page (revision-5) was last changed on 07-Jun-2017 09:51 by jim