LAB 330 - ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes

Course Details

Course Number: LAB 330

Course Duration: 15 minutes

Course CPE Credits: 0.3

NICE Specialty Areas

Risk Management (RSK)
Securely Provision (SP)
Software Development (DEV)

Related Subject Matter

CWE
Java
MITRE ATT&CK
OWASP ASVS
Skill Labs
Web

Foreign Languages Available:

English

Course Overview

Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment, bypassing normal system access controls. Pass the hash (PtH) is a method of authenticating as a user without having access to the user’s cleartext password. This method bypasses standard authentication steps that require a cleartext password, moving directly into the portion of the authentication that uses the password hash.

The objective of this lab is to execute a “pass the hash” attack using stolen password hashes.

Ready to Demo this course? Questions? Contact Us!