Skip to Main Content
Hands-On Penetration Testing on Windows
book

Hands-On Penetration Testing on Windows

by Phil Bramwell
July 2018
Intermediate to advanced content levelIntermediate to advanced
452 pages
11h 51m
English
Packt Publishing
Content preview from Hands-On Penetration Testing on Windows

Quit stalling and pass the hash – exploiting password equivalents in Windows

Remember that Windows passwords are special (it isn't a compliment this time) in that they aren't salted. If my password is Phil, then the NTLM hash you find will always be 2D281E7302DD11AA5E9B5D9CB1D6704A. Windows never stores or transmits a password in any readable form; it only verifies hashes. There's an obvious consequence to this and it's exploited with the Pass-the-Hash (PtH) attack.

Why did Microsoft decide to not use salts? Microsoft has stated that salting isn't necessary due to the other security measures in place, but I can't think of a security practitioner who would agree. The real reason is likely due to those recurring themes in Windows design: backward ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Hands-On Web Penetration Testing with Metasploit

Hands-On Web Penetration Testing with Metasploit

Harpreet Singh, Himanshu Sharma
Metasploit Penetration Testing Cookbook - Third Edition

Metasploit Penetration Testing Cookbook - Third Edition

Nipun Jaswal, Daniel Teixeira, Abhinav Singh, Monika Agarwal
Web Penetration Testing with Kali Linux - Third Edition

Web Penetration Testing with Kali Linux - Third Edition

Gilberto Najera-Gutierrez, Juned Ahmed Ansari

Publisher Resources

ISBN: 9781788295666Supplemental Content