Which is a characteristic of the pass-the-hash attack?
- capture of a password hash (as opposed to the password characters) and using the same hashed value for authentication and lateral access to other networked systems
- reverse engineering of the captured hash password and using the unencrypted password for authentication and lateral access to other networked systems
- compromise of a SAM file and extraction of the password characters to use for authentication and lateral access to other networked systems
- capture of the Windows password before the Kerberos hashing function and use of the unencrypted password for authentication and lateral access to other networked systems
Explanation & Hint: The Windows operating system does not know the actual password because it stores only a hash of the password in the SAM database. Since Windows password hashes cannot be reversed, an attacker can simply take a password hash collected from a compromised system and present that same hash to authenticate to another client or server system.