Certified Ethical Hacker (CEH v13) — Question 267

Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes.
Which type of attack can she implement in order to continue?

Answer options

• A. Pass the hash
• B. Internal monologue attack
• C. LLMNR/NBT-NS poisoning
• D. Pass the ticket

Correct answer: A

Explanation

The correct answer is 'Pass the hash' because it allows Mary to authenticate using the hash without needing to crack the actual password. The other options, such as 'Internal monologue attack' and 'Pass the ticket', do not apply to leveraging password hashes directly, while 'LLMNR/NBT-NS poisoning' focuses on network name resolution techniques rather than hash exploitation.