Description:
We had
posted a Pass the Hash Attack demo a while back on SecurityTube. Here is another video of the same by iVictor.
To jog your memory, by default, Windows stores the credentials, username and password hash, of the last 10 people that have logged into a Windows computer. This is a feature, known as cached credential storage, allows users to authenticate even if Active Directory (AD) is unavailable. However, these cached credentials can be used to attack accounts that have authenticated in the past. Additionally, Windows stores the password hashes of users. These hashes can be replayed against other systems with the same username and password combination. This attack is commonly referred to as "passing the hash".
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Comments: