Showing Articles About
ntlm
- 11 Jul 2018
Passing-the-Hash to NTLM Authenticated Web Applications
This article details a Pass-the-Hash (PtH) attack technique against web applications using Windows NTLM authentication. The attack allows impersonation of domain users by injecting a user's NT hash to authenticate to web applications without knowing the actual password. A practical demonstration is provided using an Exchange 2013 server and Mimikatz to execute the attack.