🥸Pass-the-Hash
Pass the hash (PtH) is a type of attack used in the context of Windows authentication. In this attack, an attacker captures the NTLM hash of a user's password and uses it to authenticate to a remote system without ever cracking or learning the plaintext password. This is possible because Windows systems use NTLM hashes for authentication in many situations, even when the original password is a plaintext string.
We are going to start with crackmapexec:
smb
: This specifies the protocol to use for the scan. In this case, SMB (Server Message Block) is chosen, which is a common protocol used for sharing files, printers, and serial ports in a network.192.168.138.0/24
: This is the IP range to scan. In this case, it's scanning the subnet192.168.138.0/24
, which includes all IP addresses from192.168.138.1
to192.168.138.254
.
Now another variation:
-H [NTLM1 hash]: This specifies the NTLM hash of the password to use for the scan. In this case, the hash is provided in the command itself, enclosed in square brackets. 6.
--local-auth`: This option tells CrackMapExec to use the credentials provided in the command to authenticate locally on each target machine before attempting to connect shares
you can add a --shares to enumerate shares for the users
or see plenty of other commands with:
cmedb
is a database tool used by CrackMapExec (CME) to store and manage data related to penetration testing and post-exploitation activities.
Last updated