Password Attacks - Pass the Hash (PtH)

I’m really stuck on this question: “Try to connect via RDP using the Administrator hash. What is the name of the registry value that must be set to 0 for PTH over RDP to work? Change the registry key value and connect using the hash with RDP. Submit the name of the registry value name as the answer.” I don’t understand the question and can’t think of a way to solve it. I tried to RDP into the “Administrator” account “30B3783CE2ABF1AF70F77D0660CF3453” provided in the above question, but after that I can’t do anything more. I hope to receive help.

You need to change the AllowEncryptionOracle registry value to 0. This setting controls the use of encryption when connecting to a remote desktop (RDP) using a password hash. Setting this parameter to 0 disables encryption and allows password pass-through hash (PtH) attacks to be used when connecting via RDP. After changing the value of this parameter to 0, you will be able to connect to the remote computer using the hash of the administrator specified in the question.

1 Like