Pass the Hash / Pass the Password

When we have the hash or password, we can take those and pass them around the network and potentially log in to other applications or servers

A tool that can be used for this is called crackmapexec

This takes the username, domain, and password and throws it all around the subnet and see where it sticks

Installing crackmapexec

apt-install crackmapexec


Using crackmapexec to pass the hash

crackmapexec smb IP ADDRESS/24 -u “User Name”-H HASH –local-auth

This will attempt to access all around the network to gain access

We are looking for anything that is Green or says pwned


To get a shell out of this you can use psexec

psexec –help