Login and Mimikatz
Let’s take a look at what happens when a user logs in. How does Windows know that you are who you say you are? You supply a password. But how does Windows know that it’s the right password? We saw in the cryptography chapter that systems that need to authenticate users should store password hashes, not the passwords themselves. Sure enough, Windows stores user password hashes, not the passwords themselves. Windows does this using a hashing algorithm called NTLM. Windows uses NTLM to generate a hash of the password that the user supplies at login time and compares it to the hash that’s been stored for that user. If it’s a local account, the known-good hash is stored on that computer. If it’s a domain account, then the computer ...
Get Practical Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
