Over 1 million tech questions and answers.

Pass the Hash simulation no longer working

Q: Pass the Hash simulation no longer working

Last week I successfully simulated "Pass the hash" in my environment using mimikatz.
However, using back the same machine, same ID, and same method, it just don't work now.
DNS Reconnaissance, Directory Reconnaissance, LDAP binding all can detect.
Any idea why?

Read other answers
Preferred Solution: Pass the Hash simulation no longer working

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)


Hi All,
I tested the following attacks in Microsoft Advanced Threat Analytics and found them
not to be working.

Bruteforce Attack Pass-The-Ticket Pass-The-Hash Sensitive account exposed Using Plain-Text Authentication
I have tested other attacks like Reconnaissance
using DNS, Broken Trust, Honey Token account suspicious activities but they are working perfectly fine. I don't know
what's the issue with the above 4.
1. Bruteforce Attack:
I used thc-hydra-windows and triggered a dictionary attack using a list of passwords.

2. Pass-The-Ticket:
I used mimikatz to steal the kerberos ticket from a PC on which Admin is logged on. Impersonating an attacker, I copied the .kirbi file and Injected that file(using mimikatz again) to another PC on which a domain user is logged in.

3. Pass-The-Hash:
(Same as above)
4. Sensitive account exposed in plain text authentication:
I used mimikatz command 'sekurlsa :: logonpasswords' and was able to get passwords of all the users who logged on to that PC. But this was also not detected by MATA.

Please help me with the above issues. If possible, provide the tools using which I can trigger and detect those attacks.

Read other answers

I have recently installed ATA (1.8.6645.28499). It is now in to the second week of its learning phase and it is raising a considerable number of false pass-the-hash alerts when users initiate Citrix sessions from their usual PC using pass-thru authentication,
eg a typical alert would be:
Bloggs,Fred's hash was stolen from one of the computers previously logged into by Bloggs,Fred and used from xx1234
Clearly this is spurious - in each case the user is initiating a Citrix session from their
own PC and the xx1234 represents a Citrix server in the farm in every case.
1) Why am I only receiving a handful of related PTH alerts each day when I have many thousands of Citrix users, all authenticating in the same manner?
2) How can I supress these alerts?
What I effectively want to say is 'IF the suspected PTH is being triggered BY the user on their OWN PC and the target server is in our Citrix farm' then ignore it. I can't see a way of setting an exclusion range like this for PTH events though?

Read other answers

Hi everybody,
Could someone please explain, if he had succeeded, the pass-the-hash attack with ATA ?
I have :

1 Center1 Gateway1DC1 workstation
From the workstation, I use the DC hash password admin for authentication. I have access to the DC but ATA don't detect this scenario.

Read other answers

I got a pass the hash alert but it is on a Direct Access server.
A previous pass the ticket alert asked me if the computer was a DirectAccess proxy, this alert does not.
I do not see a way to do this for this new alert.

Read other answers

We are getting a Pass the Hash warning for two users (only one has happened more than once) that I am pretty sure is a false positive.  The message says the hash was stolen from one computer that the user logged into and was used by the same user on
her desktop.  

I am guessing an app is doing something weird or something but cant pinpoint it.  Anything i can do to try to track it down?

Identity theft using pass-the-hash attack

Savannah ***** (*****)'s hash was stolen from one of the computers previously logged into by Savannah ******   (************) and used from DT-S*******.

Read other answers

We are currently in monitor mode with ATA and have been receiving alerts since going live on Sunday 10/20.   The alert says the users hash is being passed from an unknown system to the system that is used by the owner of the hash that is being
passed. I am not sure why it is identifying an unknown system and saying the system is passing a hash to the users legitimate system.

Should we respond to alerts that are generated during the 30 day monitoring period or should they be ignored until that period is completed?

Read other answers

Hey guys.
We installed ATA on a customer and started getting Pass-the-Hash alerts after configuring the port forwarding for 4776.
We're currently looking into these events. One of them, however, has lost all data regarding which user and computer was affected - the hash is still there but all other information is gone.

Is this a known issue? Is there something we can do to recover the info/prevent this from happening again?
Thank you very much in advance,

Miguel Duarte

Read other answers

Running v1.7.5757.57477 and recently got four PTH alerts, and in each case it states the has was stolen from one of the computers previously logged into by the user and then used on a system, which in each case happened to be the user's primary system in
which they logged into.
Would this be potential false positives? I would be more worried if the hash was used on a system not associated with the user.


Read other answers

I've noticed that when users attempt to log into a Citrix session but provide the wrong password initially, but then provide the correct password the "Identity Theft Using Pass-The-Hash Attack" is triggered. I assume this is because Citrix makes
use of pass-through authentication. Is there anything I can do to tune these out or reduce the number of false positives that are observed?

Read other answers

I have just installed ATA 1.6 and using the Lightweight Gateway on all our DC's.

After I have enabled and configured event forwarding I see a lot of "Identity theft using pass-the-hash attack" alerts, and there is way to many for me to believe that we have been hacked/under attack.
Have any of you any ideas of what I might be doing wrong?

Read other answers

OMG, I have so many questions that are killing me! and mostly they are related to mp3's! Please answer these if you have enough knowledge!

1. If I download music (by payment) on the internet, can I choose which format/bitrate I want it in? And can I choose lossless .wav format? I don't buy music online.

2. What are these numbers followed by the word Hash? What are these things?

3. What are these things - when I check the properties of an mp3 in it's comments/description tag, I often see numbers and letters in groups like this: http://img405.imageshack.us/img405/1835/commentsordescriptionxx6.jpg

Read other answers

Hi all,
I have another issue that I am hoping you can help me with. When I boot my HP Pavillion 9500 it starts with the screen with the F keys at the bottom, then goes to the welcome screen (for about 5 seconds) then from there it goes to a black screen ( for 3 secs) then to a blue screen ( for 3-4 mins) then on to the desk top
Is the blue screen a problem I should be worried about ? as the blue screen seems to be getting longer and longer every time I boot
It previously had a new MB and HD
I don't recall a blue screen prior to this

thanks Neil

A:Blue screen on boot taking longer and longer to pass on each boot

The blue screen is just a warning, that you have crashed. The time is insignificant. To stop the blue screens post
Blue Screen of Death (BSOD) Posting Instructions

Read other 21 answers

Normally when I adjust sound in Vista a graph appears on screen.
This is no longer happening.
Sound System is Realtek, the original programme that came with the laptop.

A:Solved: Realtek On Screen Graph No Longer No Longer Working.

A box for Wistron had been accidentally unchecked in startup menu.

Read other 1 answers

Hi All, I would suggest you read my old post here first:

Anyhow, where I work we have a single DR PC what has our basic company software/programs on and is imaged, and then deployed out to a large multiple of identical PC's at our disaster recovery facility in the event when needed. Our DR facility is connected
to our AD domain.
The DR PC's we use are HP EliteDesk 800G2 Desktop Mini's and have Windows 7 Pro x64 on them.  Now capturing and restoring the image is not an issue and is is done via PXE booting using Symantic Ghost.

I have two major issues that need to be resolved very soon as we have a DR test coming up in a couple of months where we push the image out to a large number of identical PC's and test everything down in DR.

Issue 1: When ever sysprep is run with the "/generalize" option, windows fails to boot/reboot. Just get
a black screen in a continuous re-booting loop. Not even any error message, absolutely nada is shown! 
Maybe it's got something to do with he ultra modern hardware/chipset/platform of the HP EliteDesk G2; all USB port are USB3 and the boot drive is a NVMe SSD.
To resolve this issue, I have to restore the image to the DR PC via PXE.
And Yes I have the following in my Autounattend.xml file under the
generalize pass. 
<component name="Microsoft-Windows-PnpSysprep... Read more

Read other answers


When i access my router via and set my password to the password i want it saves the pass but for some reason on no computer i am able to connect with that password. Router is a Linksys/Cisco Wireless-B router.

A:Router pass not working

Are you talking about two different passwords? One to access the administration and settings pages of the router and a different password that is the encryption key for the wireless connections?

Read other 2 answers

Hi, since a few days I cannot access my pc using single pass.Very strange indeed, as I've passed through any kind of OS upgrades (e.g. win 8 to 8.1, to Win 10, to Win 10.1..) without any problem... I've tried to update BIOS, Single Pass sw Update, uninstall, re-install, drivers update, but the result is just the same.... My account access options actually don't recognize any chance to use fingerprint as they probably don't see related HW drivers... Can you help me, please? Kind regards

Read other answers

simple pass not working, does not recognise windows password at start to gain access to system, no flashing light, driversin software only go to windows 8.1.How do I reset the lot or reinstall simple pass?

View Solution.

A:simple pass not working windows 10

follow the instructions for doing it and the reboots and it will work.. i have done a dozen of these now and all working.

Read other 10 answers

My fingerprint reader has crapped out.  I want to remove the driver and re-install it but I can't find a link to it and HP won't help me do it even though I paid for extended warrentee.  Anyone have a suggestion?

A:simple pass not working Windows 8.1

You should be able to use the W8.1 fingerprint driver from the dv6t-7300, and the simple pass software from the 15t-j100 This package contains the driver that enables the Validity Fingerprint Sensor in supported notebook models that are running a supported operating system. The fingerprint sensor scans fingerprints for use with biometric security applications. File name: sp58900.exe This package contains the HP SimplePass Identity Protection Software for the supported notebook models and operating systems. This software protects identity information and account access using the computer owner's fingerprint. File name: sp64339.exe  

Read other 2 answers

I can't logon because simple pass is not working and I don't have a text password.   How do I fix this?

Read other answers

Hi, I have Hp Envy 1511 and Simple pass is not working propwerly with Windows 10. I have the latest driver (Validity Sensor 4.5.327.0) and Wiondows Hello enabled, but no luck. Any thoughts?

Read other answers

Hello, I have a HP Pavilion DV6 Notebook PC with a 64-bit operating system, Intel CORE i5, and Windows 7.I've had this laptop for about two years, but recently it's been giving me grief when I try to log in with my Simple Pass. I had two fingers registered and neither would work, so I deleted them and tried to register them again. But now "It looks like you're having some trouble. Would you like to try again?" keeps popping up and my fingers won't register.HELP .

A:Simple Pass on HP Pavilion dv6 Notebook PC Not Working!!

Please, if anyone has some advice, I'd be opened to trying it out.

Read other 9 answers

Hi, I am using hp envy 15t-ae000 model laptop for a year now, and the laptop seems to work just fine but all of a sudden the hp simple pass fingerprint stopped working. It was working just fine all these days but suddenly it stopped working with the error stating "The device is not connected to the computer. Please insert the authentication device." I looked at other forums and tried their suggessions but it dint work. Any suggessions like what needs to be done would be helpful.  Thank you.

Read other answers

updated HP simple pass as requested and now will not run. has been working on windows 10 fine until update!

Read other answers

Ok so i am furious with Micro$oft now! the other day i was FORCED to change my microsoft account after much nagging i did so and i dont like changing logins too much. (this was a week ago)
now for some random reason on earth without my permission my windows login also changed login passwords to the microsoft account. I DONT WANT THAT! that password is too long and complicated for someone who locks his computer every 5 minutes or so. why did this just kick in now? i changed M$ account pass over a week ago and today it decides to change windows login?! can i change JUST my local windows login separate from microsoft login?
if i try to change pass from settings it it goes online and says you cant use password that has been used before.

A:Can i change windows login pass without changing microsoft pass too?

Originally Posted by xdarkmario

Ok so i am furious with Micro$oft now! the other day i was FORCED to change my microsoft account after much nagging i did so and i dont like changing logins too much. (this was a week ago)
now for some random reason on earth without my permission my windows login also changed login passwords to the microsoft account. I DONT WANT THAT! that password is too long and complicated for someone who locks his computer every 5 minutes or so. why did this just kick in now? i changed M$ account pass over a week ago and today it decides to change windows login?! can i change JUST my local windows login separate from microsoft login?
if i try to change pass from settings it it goes online and says you cant use password that has been used before.

Don't go for a password. Use the PIN option That's just what you need and it's really a great thing as well.

Read other 4 answers

I'm getting the famous enter admin pass on boot (no BIOS update, laptop been off for a year (no OS atm) and I just started trying to fix it.  The error code I get is: [ 54549743 ] I hope that helps get my mobo unlocked!

View Solution.

A:HP-2000 Enter Admin Pass/Power on Pass at Boot

@PoetheProgrammr? Enter    41421385 Regards, DP-K

Read other 2 answers

I just got this com from a friend when they got a new one and they forgot there password i dont know the operating system and or nothing about it cant get ahold of them my disable code is 87796349 what do i do now and is there another code that will work i have the hp and it says stream inside it but i do have a model number it is small and blue

A:Forgot admin pass disable code not working

Hello, Thank you for posting in the HP Support forum. Welcome! With regards to the BIOS disable code , here is your response/unlock code>> 38694989  

Read other 5 answers

I up graded to windows 10 and now I find that HP Simple Pass does not work with Microsoft Edge, despite the fact that it continues to work with the windows 10 sign in.Would appreciate any thoughts on how to fix HP Simple Pass to work with Microsoft Edge. Thank you

A:HP Simple Pass not working with Microsoft Edge in Windows 10

Yes, I have the same challenge.  The only work-around for now is to use Internet Explorer

Read other 8 answers

Hello everyone, Since long time back the SimplePass (finger print reader software) stopped picking up the passwords I am entering in browsers pages. It seems the extensions are not working anymore. The Windows log in is still functionig properly but not the in websites. I feel like I am having an important feature in my Notebook that is kept idle and not fully utilised.  I am running SimplePass ver. 5.4 and Windows 10 x64. Is there a way to make this software into functionagain ? If not, is there any other trusted software that can be used instead. Thank you all.

Read other answers

i have a hp touchsmart 610-1000 i forgot my power on password i need some help to get on my computer

A:i have a touchsmart 610-1000 cant get pass the power on pass...

 Hi, Attach the completed model number, for example 610-1031f How Do I Find My Model Number or Product Number?

Read other 3 answers

Hello everyone! Can you help me with a (hopefully) simple problem?
I have a Access 2003 SQL Pass-thru query that I need to prompt the user for Begin Date and End date, then put these values in the query. I read the Help, but I still don't understand HOW!
Questions: (BTW, this query is being generated from the Switchboard)
1. How do I prompt the user for the dates in Access? I can't use parameters and I don't understand how to use a prompt otyher than that.
2. How do I get those user responses into the query below
3. How do I write the querydef?

The SQL query is attached


A:Prompt&Pass value to pass-thru query

Read other 16 answers

I am using Nero, in the Cd-Rom (ISO) under "Burn" tab i got the unchecked box of 'Simulation'. Please tell me what is this and it is right to uncheck that box.


I am sure that it is ok to uncheck it because it tests to see if the cd will burn correctly. It is nothing more than a test. It takes twice as long to burn whenever it is checked. Hope it helps.

Read other 2 answers

hey anybody know about any simulator for PIX
we have lots of simulator for routing and switching upto CCNP level

but still I'm looking for one for PIX
if anybody know plz let me know about it
I'm in great need

Read other answers

My computer keeps freezeing up. When i click on my computer the windows pops up aand says 0 objects in the corner.nero does this and alot of other things. I have to CTRL+ALT+DEL it.It says it not responding. I checked the control panel and saw a cdrom called image simulation and a scsi controller and my computer is a ide when i disable it the cd simulation doesnt appear but my computer still freezes up.I could see how an image sim could freeze up a burning program. Also i boot up from a win 98 boot disk be4 this started up and after that the cd sim started coming up.the scsi controller says its a precsim.

A:cd simulation

Read other 12 answers

Are there any software tools out there that can generate multiple VPN tunnels? I need to run some diagnostic tests on a network and the only tool I have is NetPressure which is, apparently, no longer supported


Read other answers

yesterday, i went out and bought myself a 48x24x48x CD-RW to upgrade at last from my old 4x4x24x I came with Nero v5.5.9.13 which seems good, however it won't let me do a test burn. Is it possible that my burner does not support simulation burning??? the option is there but it's greyed out so it can't be selected. BTW, the writer is a LITE ON (www.liteonit.com) i haven't checked the site yet, i'll do that now.

Thanks in advance.

A:No simulation?

I believe the problem was addressed with the newest firmware upgrade, you can download it here..


click on download then firmware...

Read other 1 answers

Hello, I run windows 7 64-bit ultimate.
I am working on a program which needs to simulate the result to see it and then make changes if needed...
My problem is that simulation does not work, and I get a message that port 8000 (i have tried many ports) is occupied.
I have tried to turn off firewall and AVG free edition, but no luck.
Defender is also disabled.
Any ideas??

Read other answers

Now, i have the best i recently bought SCJP exam simulation for test 310-025
and got 50% discount and simulation imitate the real exam and give proper hands-on skills and more specifically the study notes is very effective.

A:Best exam simulation

Searching Google with 'scjp exam' could have saved you some money.

Read other 2 answers

Does anyone know of a good simulation software for optimizing processes? I have a need for this type of software to set up a new manufacturing line. Any ideas?

Read other answers

Can someone please recommend me the best online simulation game and where to find it.

A:Best Simulation Game

well, Flight Simulator X is it......and Amazon.com is where i go...

Read other 1 answers

Hey guys,
Quick question does anyone know or is there a Phishing simulation software that we could run internally at our company that would give us some insight of how ready our employees are for an actual attack. There is a company by the name of "Duo"
they claim you are able to run this and check on the readiness of your employees.

Read other answers

Hey, I have an online class that requires me to do simple simulations (games) but I just downloaded windows 10 and Adobe keeps saying that file may be damaged when I try to download or open it. The link is http://phet.colorado.edu/en/simulation/moving-man
Any help with this matter would be appreciated.

Read other answers

So what is the purpose of Nero Simulation ?

What does it check ?

Will it warn you not to burn a cd or dvd or else it will mak e a coaster or what ?


A:Nero Simulation

A Simulation when burning a CD/DVD means that the program is going to "act" or pretend that it's going to burn the CD/DVD to make sure all the data will burn correctly on the disc without actually burning it yet. If it succeeds in doing so then it will continue to burn the disc or tells the user that the simulation was a success and asks if you want to continue with the actual burning.


Read other 3 answers

From the makers of Project Echelon, check out the up and coming independent game Epicenter.

Genre: 3rd/1st person sci-fi simulation

This is intended to be more of a simulation than an action packed game, but it may turn out to be a decent game after all. The simulation is about these 5 bio-domes that are built into a planet class metorite in space where scientist perform experiements on genetic species and lifeforms. Your character is a robot that you (the scientist) are controlling. Using this robot, you will help maintain the environments by getting missions from the starting dome (the garage) and attempting to complete them. This is an Alpha Build, so many of the major features are implemented, but the flow isn't completely ironed out yet. So there is not as much interaction with the environment as you will see in the final version and many of the missions are not yet completable. After that, the only real major feature to finish is our vision type system, which is coming along pretty nicely. But check it out and let us know what you think so far.

Go to the Official Website and download the Epicenter Alpha Build. Instructions are listed on the site and in the game. Please let me know if you have any problems, questions, concerns or anything else.

Some sample shots:


A:Check out my simulation

The Beta Build is now up for download, I would edit the top post accordingly if I could, but just follow the same links to the file section of the Epicenter Site and check it out. The final verison will be available by the end of April, so hit me up with feedback/suggestions if you have any soon.

Can't wait to be graduating! I'm already going for interviews at a few local companies, will be working on next-gen consoles or next-gen graphics engines in general. Should be good

Read other 1 answers

Best I describe what set up I have first before I explain what help I need.
I have a simple network with 3 x computers running windows 7, and all my data stored on a Buffalo NAS which I'll refer to as \\TSSTB on the three computers (the network name of the NAS is obviously TSSTB).
Each computer has a FE of the access 2003 database, the BE is on the NAS.
This works great, as all 3 computers use the NAS for data storage / sharing.

Here's what I'm after.

I have a laptop where I have a copy of the FE of the database. I wish to be able to use the laptop to have a back up copy of the content of the NAS, so that I can experiment with changes without impacting the real live data. I don't want to buy another NAS to do this, is there any way I can refer to a folder on my laptop as, say, \\TSSTB so that my FE can read the BE data from the copy of the database ?

Cheers for any help,


A:Help trying to create a \\SIMULATION

Usually, you can't make a folder to pretend to be a network device.

Is there somewhere in the configuration of the front end program that tells it where the back end is located ?

You can try VirtualBox, install Windows inside a virtual machine, have file and printer sharing on, and name the virtual machine the same name as your NAS.

One thing you should do for sure is to disconnect your laptop from the network before tinkering, just in case you accidentally modify live data on your NAS.

Read other 1 answers

Hi all
I think we see so many posts on this forum as to AV program A is better than B or whatever but how many people EVER do THEIR OWN testing.

I'd suggest first run a "simulation" type of test on scanning for a known virus and then (preferably on a Virtual Machine) load up a test Virus and see if your AV software detects it.

Comparisons that product A is better than B are meaningless here since we all use Computers and the Internet in different (often very different) ways that it makes any sort of comparison meaningless.

So for simulation try the approach suggested here

How To: Test your Anti-virus Software


A:Do your OWN AV testing via simulation

This is a worthwhile check. All AVs should detect the EICAR test virus. Should it fail to do so, consider changing your AV. There is no excuse for an AV to fail to detect this test virus, since it is an industry standard test that has been around for many years and which should be detectable by all AVs.

Read other 8 answers