Which technique involves poisoning LLMNR/NBT-NS to capture credentials on a network?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which technique involves poisoning LLMNR/NBT-NS to capture credentials on a network?

Explanation:
LLMNR/NBT-NS poisoning tricks the network’s name resolution flow. When a computer on a local network needs to resolve a host name and DNS isn’t available, it may fall back to Link-Local Multicast Name Resolution (a multicast query) or NetBIOS Name Service (a broadcast query), both of which any host on the segment can see and answer. An attacker on the same segment can quickly reply to those requests with forged answers, pretending to be the requested host. When the client believes the attacker is the legitimate destination, it will try to authenticate to that host, sending NTLM credentials or hashes over the network. The attacker captures these credentials, which can then be cracked offline or used to access other services, giving a foothold in the network.

This is why the option named for poisoning LLMNR/NBT-NS is the correct one. The other techniques involve different attack vectors: AS-REP Roasting targets Kerberos pre-authentication data, not local name-resolution poisoning; Pass the Ticket uses stolen Kerberos tickets to authenticate elsewhere instead of tricking a client into sending credentials; and Syllable Attack isn’t a standard technique related to credential capture via name resolution.
