LAB 330 ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes (NEW)
Course Number: LAB 330
Course Duration: 15 minutes
Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment, bypassing normal system access controls. Pass the hash (PtH) is a method of authenticating as a user without having access to the user’s cleartext password. This method bypasses standard authentication steps that require a cleartext password, moving directly into the portion of the authentication that uses the password hash.
The objective of this lab is to execute a “pass the hash” attack using stolen password hashes.