Basic Principle of parsing hash value transfer attack

Today, the Network Attacker technology has developed to a very high level, and you can directly ask your system without your user password. Don't be surprised, by passing the hash value, the attack can fully achieve the effect described above. In addition, the hash value transfer attack does not need to pass through the zero-day vulnerability or phishing information, so let's take a look at what the hash value transfer attack is.

Data Packet hash

Every time we create a password for an account in windows, the password is converted into a hash value. The hash value is the result of the encryption function. The encryption function extracts strings of any size from the data to execute the mathematical encryption function and generates a fixed size string, the final result is not the password entered by the user (such as 123456), but a hash string "94354877D5B87105D7FEC0F3BF500B33 ".

It makes sense from several aspects. First, this means that your password is not saved in plain text format on your local hard drive, so that anyone may see your password. This means that when you use a password to verify to another device (such as a domain controller), your password is not transmitted over the network in plain text format. Next we will discuss how hash is created.

When you try to access resources protected by user name and password authentication in your computer, the host will require you to perform authentication. Generally, you need to provide a user name and password. After you enter your password, the computer will immediately execute the hash function for the password and submit it to the host. Then the host will compare it with the Authentication database. If the hash matches, you can pass the verification.

Now, consider an alternative. If we manually establish a connection with the host (the host has the resources we want to access), we do not enter the user name and password, but enter the administrator user name and the Administrator hash we steal. In this way, we can obtain the management permission to access the host. Remember that all the host needs is to receive the matched hash value. This means that you do not need to execute a one-way hash function on the password. You only need to provide the hash value, which is also the basic principle of the hash value transfer attack.