Which tool is commonly used to obtain password hashes when sniffing mode is used by an attacker?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

Which tool is commonly used to obtain password hashes when sniffing mode is used by an attacker?

Explanation:
When an attacker uses sniffing mode, they are passively listening to network traffic to capture credentials as they are transmitted during authentication. On many networks, especially Windows-based ones using NTLM, the credentials aren’t sent as plaintext but as a hashed form along with the username. So what the attacker typically harvests in this scenario is the username together with the password hash. This captured data can then be used for offline cracking or pass-the-hash attacks, making the combination of a username and its corresponding hash the key item obtained through sniffing. The other options don’t fit this scenario as well. A SAM file is stored on a local machine and requires access to that host to retrieve the hashes, not something captured through network sniffing. Network shares that a user has permissions refer to access rights, not the actual credential data transmitted during authentication. A SID identifies an account but isn’t the credential data itself. So the captured credential data during sniffing is best described as the username and password hash.

When an attacker uses sniffing mode, they are passively listening to network traffic to capture credentials as they are transmitted during authentication. On many networks, especially Windows-based ones using NTLM, the credentials aren’t sent as plaintext but as a hashed form along with the username. So what the attacker typically harvests in this scenario is the username together with the password hash. This captured data can then be used for offline cracking or pass-the-hash attacks, making the combination of a username and its corresponding hash the key item obtained through sniffing.

The other options don’t fit this scenario as well. A SAM file is stored on a local machine and requires access to that host to retrieve the hashes, not something captured through network sniffing. Network shares that a user has permissions refer to access rights, not the actual credential data transmitted during authentication. A SID identifies an account but isn’t the credential data itself. So the captured credential data during sniffing is best described as the username and password hash.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy