Certified Ethical Hacker (CEH v11) — Question 324

Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes.
Which type of attack can she implement in order to continue?

Answer options

• A. Pass the hash
• B. Internal monologue attack
• C. LLMNR/NBT-NS poisoning
• D. Pass the ticket

Correct answer: A

Explanation

The correct answer is 'Pass the hash' because this technique allows Mary to authenticate using the password hashes directly without needing to crack them. The other options, such as 'Internal monologue attack', do not exist as recognized methods, while 'LLMNR/NBT-NS poisoning' and 'Pass the ticket' pertain to different attack vectors that do not directly utilize password hashes for authentication.