LAB 330 - ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes

Course Overview

Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment, bypassing normal system access controls. Pass the hash (PtH) is a method of authenticating as a user without having access to the user’s cleartext password. This method bypasses standard authentication steps that require a cleartext password, moving directly into the portion of the authentication that uses the password hash.

The objective of this lab is to execute a “pass the hash” attack using stolen password hashes.

Looking To Learn More?

Request more information on our courses and labs.

Course Details

Course Number: LAB 330

Course Duration: 15 minutes

Course CPE Credits: 0.25

NICE Specialty Areas

Platform

Standard

Technology

Type

Foreign Languages Available:

  • English