How to perform a hash pass attack on Windows systems (Pass-hash-attack)

Source: Internet
Author: User
Tags kali linux

" Object-oriented " This blog post is mainly for information security penetration test Junior personnel and information security attack technology enthusiasts.

The main content mainly describes how to perform a hash pass attack on the Windows operating system (Hash-pass-attack) during the post-penetration testing phase.

------------------------------------------- rookie takeoff series ---------------------------------- --------------

Penetration Testing Task : Gain control of Windows operating system with Hash-pass-attack

attack test target : Windows Server 2012, Win7

attack test Condition : A hash pass attack is an attack that is initiated during the post-penetration testing phase, so that you have obtained the ntml hash code for the target host (refer to how to extract the Windows System account password in the penetration test), and use the tool WCE to obtain the hash code.

Attack test Tool : Metasploit or Kali Linux

This article will take advantage of the Kali Linxu integrated MSF for attack demonstrations.

The first step is to use WCE to get the ntml hash code for the target host, such as the red flag portion as the account name and hash code.

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M01/86/75/wKiom1e_Hl7Cvw1yAAA3gPRw2Wc581.png-wh_500x0-wm_3 -wmp_4-s_1689382600.png "title=" hash Code "alt=" Wkiom1e_hl7cvw1yaaa3gprw2wc581.png-wh_50 "/>

The second step is to open MSF and find the PsExec attack module. You can use the "msfconsole" command to open the MSF Command window in Kali Linux, and then search for the PsExec module, "Search PsExec" using the command "use exploit/windows/smb/ PsExec "Select PsExec as the attack module; Use show options to see which parameter items we need to configure.

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/86/75/wKiom1e_I6zzKJCyAAwxXuzQUAk261.png-wh_500x0-wm_3 -wmp_4-s_4180734025.png "Title=" MSF. PNG "alt=" Wkiom1e_i6zzkjcyaawxxuzquak261.png-wh_50 "/>

The third step is to configure attack parameters and attack loads. Learn how to set up your own parameters in MSF. Note that Smbpass, smbuser these two parameters are the hash code and the user name obtained in the first step.

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M01/86/74/wKioL1e_JVbS1MvbAAlIqnHBb0Q856.png-wh_500x0-wm_3 -wmp_4-s_4129764698.png "title=" configrations "alt=" Wkiol1e_jvbs1mvbaaliqnhbb0q856.png-wh_50 "/>

The fourth step, launch the attack, use Meterpreter successfully rebound to connect to the target host, gain control of the target host.

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/86/75/wKiom1e_JmLyBqcUAAY-cupKDM8954.png-wh_500x0-wm_3 -wmp_4-s_4068484767.png "title=" OK "alt=" wkiom1e_jmlybqcuaay-cupkdm8954.png-wh_50 "/>

"Special statement" the Information security knowledge or tools covered in this article is limited to conducting security research and communication, please abide by the laws and regulations, consciously maintain a good atmosphere of information security technology exchange.

This article from "Rookie Takeoff" blog, reproduced please contact the author!

How to perform a hash pass attack on Windows systems (Pass-hash-attack)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.