What is a pass-the-hash attack?
D2 · Threats · CompTIA Security+ SY0-701
A pass-the-hash (PtH) attack uses a captured NTLM password hash to authenticate to a system without knowing the actual plaintext password. Since Windows NTLM authentication accepts the hash directly, cracking isn't required.
Tools used: Mimikatz, Metasploit.
Prevention: Credential Guard (isolates LSASS), disable NTLM where possible, use Kerberos, implement least privilege, monitor for lateral movement.
PtH is a lateral movement technique. The attacker dumps hashes from one machine and uses them to access others. This is why defending admin accounts is critical: their hashes give access everywhere.