Overpass The Hash
Impacket
To be performed remotely from the attacker box.
Mimikatz
To be performed on the target system using a cmd shell or PowerShell session with administrative privileges.
In our scenario, we got David's NTLM hashes using sekurlsa::logonpasswords. We are using the hash to perform the Overpass the Hash attack.
The command above will open another cmd.exe shell.
In this new shell, we can generate a TGT by authenticating to the other system on which we want to execute commands as David.
Then, we can use PsExec64.exe to execute commands remotely on xor-dc01 as the David user.
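A defender's view of the sequence above, as an added example that is not part of the original page: it pairs a logon type 9 (NewCredentials) event from the host where the new shell was spawned with a TGT request (event 4768) that uses RC4-HMAC (0x17) from the same host shortly afterwards. The events are constructed samples, and the `src_ip` enrichment on the 4624 record, the user names other than David, and the five-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, flattened the way a SIEM might normalize Windows
# Security log records. "src_ip" on the 4624 records is an assumed enrichment
# (the workstation's own address); the other fields are standard event fields.
EVENTS = [
    {"id": 4624, "time": "2024-01-10T09:14:02", "src_ip": "10.0.0.25",
     "LogonType": 9, "LogonProcessName": "seclogo", "TargetUserName": "alice"},
    {"id": 4768, "time": "2024-01-10T09:14:40", "src_ip": "10.0.0.25",
     "TargetUserName": "david", "TicketEncryptionType": "0x17"},
    {"id": 4768, "time": "2024-01-10T09:20:00", "src_ip": "10.0.0.31",
     "TargetUserName": "bob", "TicketEncryptionType": "0x12"},
    {"id": 4624, "time": "2024-01-10T11:00:00", "src_ip": "10.0.0.40",
     "LogonType": 9, "LogonProcessName": "seclogo", "TargetUserName": "carol"},
]

WINDOW = timedelta(minutes=5)  # assumed correlation window

def is_newcred_logon(e):
    # Logon type 9 via seclogo: a process started with substituted network
    # credentials, which is how the new cmd.exe shell shows up in the log.
    return (e["id"] == 4624 and e["LogonType"] == 9
            and e["LogonProcessName"].strip().lower() == "seclogo")

def is_rc4_tgt_request(e):
    # 0x17 = RC4-HMAC, the etype keyed by the NT hash; skip machine accounts.
    return (e["id"] == 4768 and e["TicketEncryptionType"].lower() == "0x17"
            and not e["TargetUserName"].endswith("$"))

def find_overpass_the_hash(events, window=WINDOW):
    """Pair each type 9 logon with a later RC4 TGT request from the same host."""
    findings = []
    logons = [e for e in events if is_newcred_logon(e)]
    for tgt in filter(is_rc4_tgt_request, events):
        t_tgt = datetime.fromisoformat(tgt["time"])
        for lg in logons:
            delta = t_tgt - datetime.fromisoformat(lg["time"])
            if lg["src_ip"] == tgt["src_ip"] and timedelta(0) <= delta <= window:
                findings.append({"host": tgt["src_ip"],
                                 "logged_on_user": lg["TargetUserName"],
                                 "tgt_for": tgt["TargetUserName"],
                                 "seconds_apart": int(delta.total_seconds())})
    return findings

if __name__ == "__main__":
    for finding in find_overpass_the_hash(EVENTS):
        print(finding)
```

A type 9 logon on its own also matches legitimate `runas /netonly` use, which is why the example only reports it when an RC4 TGT request for a user account follows from the same host.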