Pass the Hash Attack
Pass the hash is an attack in which an attacker authenticates to a server or service using a user's NTLM password hash.
- replaces the need to brute-force a password hash to obtain the cleartext password
- exploits an implementation vulnerability in the NTLM authentication protocol, where a user's password hash remains static from session to session until the user changes the password
- can be launched against any server or service accepting NTLM authentication
New Technology LAN Manager (NTLM) is a challenge-response authentication protocol.
- An NTLM credential consists of:
  - a domain name
  - a username
  - a password hash
- The user's password is not sent to a system or service using NTLM authentication
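The sketch below is an added example, not part of the original page. It follows the NTLMv2 proof computation from MS-NLMP to show why the static hash is the effective secret: both the client's response and the server's check are derived from the hash, never from the password. The user, domain and hash values are constructed, and the client blob is reduced to random bytes (in the real protocol it carries a timestamp, client challenge and target information).

```python
import hmac
import os

def response_key(nt_hash: bytes, user: str, domain: str) -> bytes:
    # NTLMv2 response key: HMAC-MD5 keyed by the NT hash over the
    # UTF-16LE identity string. The cleartext password is never an input.
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, "md5").digest()

def client_proof(nt_hash, user, domain, server_challenge, client_blob):
    # What the client returns for one challenge (NTProofStr in MS-NLMP).
    key = response_key(nt_hash, user, domain)
    return hmac.new(key, server_challenge + client_blob, "md5").digest()

def server_verify(stored_hash, user, domain, server_challenge, client_blob, proof):
    # The verifier recomputes the proof from the stored hash alone.
    expected = client_proof(stored_hash, user, domain, server_challenge, client_blob)
    return hmac.compare_digest(expected, proof)

def demo():
    user, domain = "alice", "EXAMPLE"                            # constructed
    stored = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed hash
    rotated = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # hash after a password change
    results = []
    # Sessions 1 and 2: fresh challenge each time, same stored hash.
    # Session 3: the account's hash has changed, the old one is still presented.
    for db_hash in (stored, stored, rotated):
        challenge, blob = os.urandom(8), os.urandom(16)
        proof = client_proof(stored, user, domain, challenge, blob)
        results.append(server_verify(db_hash, user, domain, challenge, blob, proof))
    return results

if __name__ == "__main__":
    print(demo())
```

The first two sessions verify against the unchanged hash despite different challenges; the third fails only because the stored hash changed, which is the static-hash property described above.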