Mimikatz Pass the Hash Attacks
Mimikatz can also perform other attacks like, “Pass the Hash”, Golden Ticket and Silver Ticket. These involve using tickets or hashes themselves to gain access. Though beyond the scope of this book, I have given a brief description of each below.
➢ Pass the Hash - Using the encrypted hash directly for access without cracking it.
➢ Golden Ticket Attack - Forge a Kerberos Ticket Granting Ticket (TGT) for persistent access.
➢ Silver Ticket Attack - Forge a service ticket for accessing specific services.
See the tool WiKi for more information.
Conclusion
In this chapter, we covered a lot of practical theory on Microsoft Windows based password security. We covered two of the main Windows security authentication protocols, Kerberos and NTLM. We took a look at Kerberoasting, a popular attack against Kerberos. We also looked at several tools...