- pass-the-hash:
- needs: NTLM hash
- achieves: command execution, noninteractive shell
- pass-the-ticket:
- needs: TGT
- achieves: TGS, authenticate against services, Kerberoast the obtained TGS
- pass-the-key:
- needs: NTLM hash-derived key (see
sekurlsa::ekeys
from Mimikatz) or NTLM hash (if RC4 accepted)
- achieves: TGT, command execution
- Pass-the-key attack is equivalent to overpass-the-hash if RC4 is accepted.
- overpass-the-hash:
- needs: NTLM hash
- achieves: TGT
- Overpass-the-hash is a specific case of pass-the-key (where NTLM hash alone is sufficient since RC4 is accepted)