Hey there, back again with another post! 😄
Pass the Hash (PtH) attacks are one of the most effective lateral movement techniques in penetration testing and red team operations. Instead of cracking password hashes to obtain plaintext passwords, this technique allows attackers to authenticate directly using the NTLM hash itself.
In this blog post we will see some fundamentals of Windows authentication, when to use PtH attacks, and various methods to perform them from both Windows and Linux.
Before diving into PtH attacks, let's understand the authentication protocols used in Windows environments:
Kerberos
is the default authentication method since Windows 2000. It uses tickets instead of password hashes. Kerberos requires a Key Distribution Center (KDC), typically a domain controller. It is more secure and provides mutual authentication.
NTLM (PtH Target)
is an older authentication method that is still widely used. NTLM uses a challenge-response protocol in which the response is computed from the password hash, not from the plaintext password, so whoever holds the hash can produce a valid response. No mutual authentication is present, which means the client doesn't verify the server. It is still used for backward compatibility and in certain scenarios. This is where Pass-the-Hash attacks occur.