312-50V13 Question #455: Real Exam Question with Answer & Explanation
The correct answer is D: Pass the hash.
Question
Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes. Which type of attack can she implement in order to continue?
Options
- A. LLMNR/NBT-NS poisoning
- B. Internal monologue attack
- C. Pass the ticket
- D. Pass the hash
Explanation
Pass the Hash (Option D) allows an attacker to authenticate to a system using the stolen hash value directly, without ever needing to crack or know the actual plaintext password - making it the perfect technique for Mary's time-constrained situation. LLMNR/NBT-NS poisoning (A) is a credential capture technique used to intercept authentication requests on a local network, not a method for leveraging already-obtained hashes. Internal monologue attack (B) is used to retrieve NTLM password hashes from memory without touching LSASS directly - it's a harvesting technique, not an exploitation one. Pass the ticket (C) involves stealing and reusing Kerberos tickets (TGTs/service tickets), which is a different type of lateral movement that requires tickets, not hashes.
Memory tip: Think of "Pass the Hash" literally - just like passing a note without reading it, you pass the hash to authenticate without ever needing to read (crack) the actual password. If you have the hash, you already have the key.