A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.
Which of the following can be done with the pcap to gain access to the server?
Correct Answer: D. Utilize a pass-the-hash attack.
When a penetration tester captures NTLM challenge-response traffic, the pcap contains the server's challenge and the client's response, which the client computed from the user's NT hash (the pair is usually called a Net-NTLM hash). NTLM authentication never requires the plaintext password: whoever holds the NT hash can answer any challenge, and that is what a Pass-the-Hash (PtH) attack does to authenticate to the server as that user (for example with Impacket's psexec.py or wmiexec.py, or Mimikatz's sekurlsa::pth). One caveat a practitioner should keep in mind: the capture yields the response, not the NT hash itself. An NTLMv1 response can be reversed to the NT hash, because its three DES keys are taken directly from the hash and the challenge is known, and the recovered hash can then be passed; an NTLMv2 response (an HMAC-MD5) cannot be reversed, so a captured Net-NTLMv2 hash is either cracked offline or, when the tester can sit in the path in real time, relayed to another host with a tool such as Impacket's ntlmrelayx.py, which is a different attack from passing it.
Why the Other Options Are Incorrect:
Perform vertical privilege escalation.
Vertical privilege escalation means gaining higher privileges (e.g., from user to admin/root) on a system.
Incorrect because capturing NTLM traffic does not, by itself, elevate privileges; whatever access results is limited to the captured user's existing rights, and escalation would be a separate, later step.
Replay the captured traffic to the server to recreate the session.
NTLM challenge-response authentication includes a nonce (an 8-byte random server challenge) generated fresh by the server for every authentication attempt, and the client's response is computed over that challenge (DES for NTLMv1, HMAC-MD5 for NTLMv2).
Incorrect because the captured response is only valid for the challenge it was computed against; a new connection receives a new challenge, so a replayed pcap fails. (Live NTLM relay, which forwards an in-progress authentication to another host, is a different attack and cannot be done from a saved pcap.)
Use John the Ripper to crack the password.
Net-NTLM hashes can be cracked offline with John the Ripper (--format=netntlm for NTLMv1, --format=netntlmv2 for NTLMv2) or Hashcat (-m 5500 and -m 5600 respectively), but cracking is slow and only succeeds if the password is weak enough to fall to a wordlist and rules.
Incorrect, in the exam's framing, because cracking the hash is unnecessary when Pass-the-Hash gives access directly. In practice, note that offline cracking is the usual route from a captured NTLMv2 exchange, since only an NTLMv1 response can be turned back into a passable NT hash.
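To make the distinction between these options concrete, here is an added example (not part of the original explanation or of any exam material): a minimal NTLMv2 exchange in Python with a constructed user, domain, password, pair of server challenges and a simplified client blob. It shows that the response is bound to the server's challenge (so replaying a pcap fails), that an attacker holding the NT hash answers a fresh challenge without ever knowing the password (pass-the-hash), and that what the pcap actually contains is the Net-NTLMv2 material in the form John and hashcat consume, which is then cracked against a small constructed wordlist. The MD4 routine is included only because hashlib often lacks it under OpenSSL 3.

```python
import hashlib
import hmac
import struct

# Pure-Python MD4: the NT hash is MD4 over the UTF-16LE password, and hashlib's
# md4 is frequently unavailable under OpenSSL 3, so we carry our own (RFC 1320).
def md4(data: bytes) -> bytes:
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    rounds = (
        (F, 0x00000000, range(16), (3, 7, 11, 19)),
        (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for fn, k, order, shifts in rounds:
            for i, j in enumerate(order):
                a = rotl((a + fn(b, c, d) + X[j] + k) & 0xFFFFFFFF, shifts[i % 4])
                a, b, c, d = d, a, b, c          # rotate registers: next step works on old d
        a, b, c, d = ((a + aa) & 0xFFFFFFFF, (b + bb) & 0xFFFFFFFF,
                      (c + cc) & 0xFFFFFFFF, (d + dd) & 0xFFFFFFFF)
    return struct.pack("<4I", a, b, c, d)

def nt_hash(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)). This 16-byte value is what pass-the-hash passes."""
    return md4(password.encode("utf-16-le"))

def ntlmv2_response(nt: bytes, user: str, domain: str, server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr: the 16-byte HMAC-MD5 the client sends (followed by the blob).
    Note the input is the NT hash, never the plaintext password."""
    v2_key = hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()
    return hmac.new(v2_key, server_challenge + blob, hashlib.md5).digest()

def server_verify(nt: bytes, user: str, domain: str, server_challenge: bytes, proof: bytes, blob: bytes) -> bool:
    """What the server (or the DC on its behalf) does: recompute the proof over ITS challenge."""
    return hmac.compare_digest(ntlmv2_response(nt, user, domain, server_challenge, blob), proof)

def hashcat_5600_line(user: str, domain: str, server_challenge: bytes, proof: bytes, blob: bytes) -> str:
    """The captured exchange in the form John (--format=netntlmv2) and hashcat (-m 5600) expect."""
    return f"{user}::{domain}:{server_challenge.hex()}:{proof.hex()}:{blob.hex()}"

def crack_offline(user: str, domain: str, server_challenge: bytes, proof: bytes, blob: bytes, wordlist):
    """Offline guessing: hash each candidate and test it against the captured challenge/response."""
    for candidate in wordlist:
        if server_verify(nt_hash(candidate), user, domain, server_challenge, proof, blob):
            return candidate
    return None

# Constructed sample exchange (not real traffic). The blob is simplified: a real one carries
# a timestamp, client nonce and AV_PAIR target info, but the arithmetic is identical.
USER, DOMAIN, PASSWORD = "alice", "CORP", "Summer2024!"
CHALLENGE_A = bytes.fromhex("0123456789abcdef")   # the challenge seen in the pcap
CHALLENGE_B = bytes.fromhex("fedcba9876543210")   # a fresh challenge on a new connection
BLOB = bytes.fromhex("0101000000000000") + bytes(8) + bytes.fromhex("a1b2c3d4e5f60718") + bytes(4)
WORDLIST = ["password", "Winter2023!", "Summer2024!", "letmein"]   # constructed wordlist

def demo() -> dict:
    nt = nt_hash(PASSWORD)                                   # only the legitimate client and the server have this
    captured_proof = ntlmv2_response(nt, USER, DOMAIN, CHALLENGE_A, BLOB)   # what the pcap holds
    return {
        # the original session validates against the challenge it was answered for
        "original_valid": server_verify(nt, USER, DOMAIN, CHALLENGE_A, captured_proof, BLOB),
        # replay: the captured response is presented against a NEW challenge and is rejected
        "replay_valid": server_verify(nt, USER, DOMAIN, CHALLENGE_B, captured_proof, BLOB),
        # pass-the-hash: whoever holds the NT hash answers the NEW challenge without the password
        "pth_valid": server_verify(nt, USER, DOMAIN, CHALLENGE_B,
                                   ntlmv2_response(nt, USER, DOMAIN, CHALLENGE_B, BLOB), BLOB),
        # cracking: what the pcap actually yields, formatted for John/hashcat, and a crack of it
        "hashcat_line": hashcat_5600_line(USER, DOMAIN, CHALLENGE_A, captured_proof, BLOB),
        "cracked": crack_offline(USER, DOMAIN, CHALLENGE_A, captured_proof, BLOB, WORDLIST),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the code makes about the answer key: `ntlmv2_response` takes the NT hash, not the password, which is why pass-the-hash works once the hash is known; but nothing in the pcap (the `hashcat_line` value) lets you derive that hash from an NTLMv2 exchange except by guessing, which is what `crack_offline` does.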