LAB 330 - ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes
Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment, bypassing normal system access controls. Pass the hash (PtH) is a method of authenticating as a user without having access to the user’s cleartext password. This method bypasses standard authentication steps that require a cleartext password, moving directly into the portion of the authentication that uses the password hash.
The objective of this lab is to execute a “pass the hash” attack using stolen password hashes.
Looking To Learn More?
Request more information on our courses and labs.