Certified Ethical Hacker (CEH v12) — Question 115
Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes.
Which type of attack can she implement in order to continue?
Answer options
- A. Pass the hash
- B. Internal monologue attack
- C. LLMNR/NBT-NS poisoning
- D. Pass the ticket
Correct answer: A
Explanation
The correct answer is 'Pass the hash' because this technique allows an attacker to authenticate using the hashed passwords without needing to crack them. The other options, such as 'Internal monologue attack' and 'Pass the ticket', do not apply to this scenario, while 'LLMNR/NBT-NS poisoning' is a network attack that does not utilize password hashes directly.