Janet is reading about the "Pass-the-Hash" technique to access a Windows host. She thinks she can use Wireshark to sniff an SMB session between two hosts if she can capture the password hash and user name, and simply send them as credentials anytime she wants in a "Replay Attack".
What are other true statements about this attack? (Choose three)
A) This can also be done using a modified smbclient tool that does not hash an entered password, it will just directly send the hash that Janet captured
B) Janet can also use a tool such as smbrelay to become an SMB proxy and capture credentials that
Way
C) The traffic that Janet sniffed did not include a challenge, if it did the technique is still not impossible just involves more steps
D) Because Microsoft uses techniques such as SMB Signing, Kerberos Timestamps, and Challenges that are used to create unique MAC (Message Authentication Code) s. The Pass-the-hash technique is mostly a proof of concept that works in theory but not in practice.
Correct Answer:
Verified
Q8: Bruno wishes to carry out a session
Q9: Which of the following display filters will
Q10: LaDanian is sniffing some traffic and notices
Q11: ARP spoofing works in part because Ethernet
Q12: Which of the following protocols are not
Q14: Which of the following attacks are not
Q15: Assuming your own address is 192.168.1.1, what
Q16: Zachery sees a video on YouTube that
Q17: During an attack you setup an access
Q18: Arianna wants to implement 802.11b for a
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents