Alice, an administrator of a standalone web server, activated the login window by pressing the key combination Ctrl+Alt+Del and logged into the server using her local user account through challenge-response authentication protocol. To which of the following attack is the server most subject?
A. Side channel
B. Kerberos exploitation
C. Pass the hash
D. Fault injection
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Pass the hash.
The attack, Pass the hash, is specific to NTLM or challenge-response authentication protocol. Early versions of Microsoft Windows and SAMBA-based systems use NTLM authentication instead of Kerberos.
This question implies the server is a Microsoft Windows server:
- The login window is activated by the key combination Ctrl+Alt+Del.
- The standalone web server implies it doesn’t join the Active Directory as a member server.
- A standalone server and challenge-response authentication protocol imply it uses NTLM, instead of Kerberos.
Fault injection is one type of side-channel attack against cryptographic systems.
- Pass the hash
- How To Attack Kerberos 101
- Kerberos tickets: Comprehension and exploitation
- Kerberos (II): How to attack Kerberos?
- Fault injection
- Fault injection attacks on cryptographic devices and countermeasures
- Pass the hash deep dive
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
Alice是一台獨立Web服務器的管理員，按組合鍵Ctrl + Alt + Del激活了登錄窗口，並通過質詢響應(challenge-response)身份驗證協議，使用她的本地用戶帳戶登錄到服務器。 服務器最容易受到以下哪種攻擊？
A. 側通道 (Side channel)
B. Kerberos利用 (Kerberos exploitation)
C. 傳遞哈希 (Pass the hash)
D. 故障注入 (Fault injection)