LAB 630 – ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes

Course Overview


Adversaries may “pass the hash” using stolen password hashes to move laterally within an environment, bypassing normal system access controls. Pass the hash (PtH) is a method of authenticating as a user without having access to the user’s cleartext password. This method bypasses standard authentication steps that require a cleartext password, moving directly into the portion of the authentication that uses the password hash.

The objective of this lab is to execute a “pass the hash” attack using stolen password hashes.

Looking To Learn More?

Request more information on our courses and labs.

* required

Course Details

Course Number: LAB 630
Course Duration: 15 minutes
Course CPE Credits: 0.25

NICE Specialty Areas

Available Languages

  • English