LAB 330 - ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes
Course Details
Course Number: LAB 330
Course Duration: 15 minutes
Course CPE Credits: 0.3
NICE Specialty Areas
Related Subject Matter
Foreign Languages Available:
- English
Course Overview
Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment, bypassing normal system access controls. Pass the hash (PtH) is a method of authenticating as a user without having access to the user’s cleartext password. This method bypasses standard authentication steps that require a cleartext password, moving directly into the portion of the authentication that uses the password hash.
The objective of this lab is to execute a “pass the hash” attack using stolen password hashes.