Which tool is commonly used to obtain password hashes when sniffing mode is used by an attacker?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

Which tool is commonly used to obtain password hashes when sniffing mode is used by an attacker?

Explanation:
When an attacker uses sniffing mode, they are passively listening to network traffic to capture credentials as they are transmitted during authentication. On many networks, especially Windows-based ones using NTLM, the credentials aren’t sent as plaintext but as a hashed form along with the username. So what the attacker typically harvests in this scenario is the username together with the password hash. This captured data can then be used for offline cracking or pass-the-hash attacks, making the combination of a username and its corresponding hash the key item obtained through sniffing. The other options don’t fit this scenario as well. A SAM file is stored on a local machine and requires access to that host to retrieve the hashes, not something captured through network sniffing. Network shares that a user has permissions refer to access rights, not the actual credential data transmitted during authentication. A SID identifies an account but isn’t the credential data itself. So the captured credential data during sniffing is best described as the username and password hash.

When an attacker uses sniffing mode, they are passively listening to network traffic to capture credentials as they are transmitted during authentication. On many networks, especially Windows-based ones using NTLM, the credentials aren’t sent as plaintext but as a hashed form along with the username. So what the attacker typically harvests in this scenario is the username together with the password hash. This captured data can then be used for offline cracking or pass-the-hash attacks, making the combination of a username and its corresponding hash the key item obtained through sniffing.

The other options don’t fit this scenario as well. A SAM file is stored on a local machine and requires access to that host to retrieve the hashes, not something captured through network sniffing. Network shares that a user has permissions refer to access rights, not the actual credential data transmitted during authentication. A SID identifies an account but isn’t the credential data itself. So the captured credential data during sniffing is best described as the username and password hash.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy