312-50V12 Question #89: Real Exam Question with Answer & Explanation
Question
Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes. Which type of attack can she implement in order to continue?
Options
- A. Pass the hash
- B. Internal monologue attack
- C. LLMNR/NBT-NS poisoning
- D. Pass the ticket
Explanation
Pass the Hash Explanation
Option A is correct because a Pass the Hash (PtH) attack allows an attacker to authenticate to a system using the captured NTLM/LM hash directly, without ever needing to crack or know the actual plaintext password - making it the perfect solution when time is a constraint.
Why the distractors are wrong:
- B (Internal Monologue Attack) is used to extract NTLM hashes from memory without touching LSASS, so it's a hash-harvesting technique, not a technique to leverage existing hashes.
- C (LLMNR/NBT-NS Poisoning) is a network-based credential capture technique that intercepts broadcast requests - it's about gathering credentials, not using already-obtained hashes.
- D (Pass the Ticket) is a Kerberos-based attack that uses stolen Kerberos tickets (not NTLM hashes) to authenticate, such as in Golden/Silver Ticket attacks.
Memory Tip: Think of it literally - you're "passing" the hash instead of the password. If the question mentions hashes + no time to crack, your brain should immediately jump to Pass the Hash. The key phrase is bypassing the need for a plaintext password.