Pass the Hash
Pass the Hash
The infamous breach of over 40 million Target customer accounts was successful partly due to the well-known attack technique called pass the hash (PtH). The hackers used PtH to gain access to an NT hash token that would allow them to log-in to the Active Directory administrator’s account without the plaintext password — thereby giving them the necessary privileges to create a new domain admin account, later adding it to the Domain Admins group. This root in the system gave them the opportunity to steal personal information and payment card details from Target’s customers.
What you need to know: Pass the hash allows an attacker to authenticate a user’s password with the underlying NTLM or LanMan hash instead of the associated plaintext password. Once the hacker has a valid username along with their password’s hash values, they can get into the user’s account without issue, and perform actions on local or remote systems. Essentially, hashes replace the original passwords that they were generated from.
Comments
Post a Comment