How to perform a hash pass attack on Windows systems (Pass-hash-attack)

" Object-oriented " This blog post is mainly for information security penetration test Junior personnel and information security attack technology enthusiasts.

The main content mainly describes how to perform a hash pass attack on the Windows operating system (Hash-pass-attack) during the post-penetration testing phase.

------------------------------------------- rookie takeoff series ---------------------------------- --------------

Penetration Testing Task : Gain control of Windows operating system with Hash-pass-attack

attack test target : Windows Server 2012, Win7

attack test Condition : A hash pass attack is an attack that is initiated during the post-penetration testing phase, so that you have obtained the ntml hash code for the target host (refer to how to extract the Windows System account password in the penetration test), and use the tool WCE to obtain the hash code.

Attack test Tool : Metasploit or Kali Linux

This article will take advantage of the Kali Linxu integrated MSF for attack demonstrations.

The first step is to use WCE to get the ntml hash code for the target host, such as the red flag portion as the account name and hash code.

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M01/86/75/wKiom1e_Hl7Cvw1yAAA3gPRw2Wc581.png-wh_500x0-wm_3 -wmp_4-s_1689382600.png "title=" hash Code "alt=" Wkiom1e_hl7cvw1yaaa3gprw2wc581.png-wh_50 "/>

The second step is to open MSF and find the PsExec attack module. You can use the "msfconsole" command to open the MSF Command window in Kali Linux, and then search for the PsExec module, "Search PsExec" using the command "use exploit/windows/smb/ PsExec "Select PsExec as the attack module; Use show options to see which parameter items we need to configure.

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/86/75/wKiom1e_I6zzKJCyAAwxXuzQUAk261.png-wh_500x0-wm_3 -wmp_4-s_4180734025.png "Title=" MSF. PNG "alt=" Wkiom1e_i6zzkjcyaawxxuzquak261.png-wh_50 "/>

The third step is to configure attack parameters and attack loads. Learn how to set up your own parameters in MSF. Note that Smbpass, smbuser these two parameters are the hash code and the user name obtained in the first step.

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M01/86/74/wKioL1e_JVbS1MvbAAlIqnHBb0Q856.png-wh_500x0-wm_3 -wmp_4-s_4129764698.png "title=" configrations "alt=" Wkiol1e_jvbs1mvbaaliqnhbb0q856.png-wh_50 "/>

The fourth step, launch the attack, use Meterpreter successfully rebound to connect to the target host, gain control of the target host.

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/86/75/wKiom1e_JmLyBqcUAAY-cupKDM8954.png-wh_500x0-wm_3 -wmp_4-s_4068484767.png "title=" OK "alt=" wkiom1e_jmlybqcuaay-cupkdm8954.png-wh_50 "/>

"Special statement" the Information security knowledge or tools covered in this article is limited to conducting security research and communication, please abide by the laws and regulations, consciously maintain a good atmosphere of information security technology exchange.

This article from "Rookie Takeoff" blog, reproduced please contact the author!

How to perform a hash pass attack on Windows systems (Pass-hash-attack)