Overpass the Hash
In this method the NTLM hash of a user is used to request a Kerberos TGT, and from it service tickets (TGS), from the Domain Controller, without ever knowing the user's plaintext password. If you have gained access to a system on which another user is logged in, you can extract that user's cached credential material from LSASS memory, use it to obtain a TGT and TGS, and then use those tickets to authenticate to another service or system as that user.
Extracting the credential material requires local administrative rights (and SeDebugPrivilege) on the compromised machine, since it involves reading LSASS memory. Executing commands on the remote target with PsExec additionally requires that the impersonated user is a local administrator on that target, because PsExec copies its service binary to the special admin share Admin$.
The following Mimikatz commands can be used to generate a TGT from the hash:
After running this we should have a command shell from which network commands are executed as the user John. Note that locally the shell still runs as the original account (whoami does not change); only the Kerberos credentials of that new logon session have been replaced with John's key.
No ticket is requested until the session first authenticates to something. We can get the TGT by initiating an interaction with the domain controller, for example listing a share on it, and then confirm with klist that a TGT for John has been issued.
We can now use the PsExec tool to execute commands on the remote computer in the context of the user John: