LAB 330 ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes

Course Details

Course Number: LAB 330

Course Duration: 15 minutes

Course CPE Credits:

NICE Specialty Areas

Risk Management (RSK)
Securely Provision (SP)
Software Development (DEV)

Related Learning Paths

Core Developer
Web Developer
Q/A Test Engineer
Software Architect
Ethical Hacker
Information Security Specialist

Related Subject Matter

CWE
Java
MITRE ATT&CK
OWASP ASVS
Skill Labs
Web

Foreign Languages Available:

English

Course Overview

Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment, bypassing normal system access controls. Pass the hash (PtH) is a method of authenticating as a user without having access to the user’s cleartext password. This method bypasses standard authentication steps that require a cleartext password, moving directly into the portion of the authentication that uses the password hash.

The objective of this lab is to execute a “pass the hash” attack using stolen password hashes.

Ready to Demo this course? Questions? Contact Us!