ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 399 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 399
Topic #: 1
[All 312-50v11 Questions]

Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes.
Which type of attack can she implement in order to continue?

  • A. Pass the hash
  • B. Internal monologue attack
  • C. LLMNR/NBT-NS poisoning
  • D. Pass the ticket
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by dinonino at Sept. 18, 2022, 7:08 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Daniel8660
8 months, 3 weeks ago
Selected Answer: A
Active Online Attacks: Hash Injection/Pass-the-Hash (PtH)Attack A hash injection/PtH attack allows an attacker to inject a compromised hash into a local session and use the hash to validate network resources. The attacker finds and extracts a logged-on domain admin account hash, and uses the extracted hash to log on to the domain controller. (P.584/568)
upvoted 2 times
...
Daniel8660
9 months, 3 weeks ago
Selected Answer: A
Active Online Attacks: Hash Injection/Pass-the-Hash (PtH) AttackThe attacker finds and extracts a logged-on domain admin account hash, uses the extracted hash to log on to the domain controller. (P.584)
upvoted 1 times
...
dinonino
9 months, 3 weeks ago
Active Online Attacks: Hash Injection/Pass-the-Hash (PtH) Attack A hash injection/PtH attack allows an attacker to inject a compromised hash into a local session and use the hash to validate network resources The attacker finds and extracts a logged-on domain admin account hash The attacker uses the extracted hash to log on to the domain controller
upvoted 1 times
dinonino
9 months, 3 weeks ago
Additional details for other options: Attackers perform an internal monologue attack using SSPI (Security Support Provider Interface) from a user-mode application, where a local procedure call to the NTLM authentication package is invoked to calculate the NetNTLM response in the context of the logged-on user Attackers launch pass-the-ticket attacks either by stealing the ST/TGT from an end-user machine and using it to disguise themselves as a valid user, or by stealing the ST/TGT from a compromised AS. After obtaining one of these tickets, an attacker can gain unauthorized access to the network services and search for additional permissions and critical data. Attackers use tools such as Mimikatz, Rubeus, Windows Credentials Editor, etc. to launch pass-the-ticket attacks Active Online Attacks: LLMNR/NBT-NS Poisoning: LLMNR and NBT-NS are the two main elements of Windows operating systems that are used to perform name resolution for hosts present on the same link The attacker cracks the NTLMv2 hash obtained from the victim’s authentication process The extracted credentials are used to log on to the host system in the network Tool: Responder
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel