<aside> Summary
</aside>
Pass the hash is an attack in which the attacker authenticates with a stolen password hash instead of the password itself. Under NTLM authentication the client never sends the password: it proves possession of the NT hash (MD4 of the UTF-16LE encoded password) by answering the server's challenge, so the hash is a password equivalent. Attackers obtain NT hashes from LSASS memory, the local SAM, or NTDS.dit on a domain controller, then reuse them against any host that accepts NTLM for that account.
Pass the password is the analogous attack with a plaintext password: a password recovered on one system is tried against the others and succeeds wherever the same account, or a reused password, is valid (a local administrator password shared across many machines is the classic case).
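As an added illustration of why the hash alone is enough (this is not code from the original page), the Python below reproduces the NTLMv2 proof computation from MS-NLMP: the NT hash is the only secret the client ever feeds into the response, so an attacker holding a dumped hash produces exactly the answer the server expects, and the server itself checks it against the hash it stores. MD4 is implemented inline because hashlib's md4 is disabled on many OpenSSL 3 builds. The challenge values, timestamp, target info, and the secretsdump-style dump line are constructed sample data; the user, domain and password are the ones from the page's example.

```python
"""Why pass-the-hash works: NTLM authenticates with MD4(password), never the password."""
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """MD4 digest per RFC 1320 (inline because hashlib often lacks it)."""
    A, B, C, D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (
        (F, 0x00000000, (3, 7, 11, 19), tuple(range(16))),
        (G, 0x5A827999, (3, 5, 9, 13), (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (H, 0x6ED9EBA1, (3, 9, 11, 15), (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = A, B, C, D
        for f, k, shifts, order in rounds:
            for i, idx in enumerate(order):
                t = _rotl((a + f(b, c, d) + X[idx] + k) & MASK, shifts[i % 4])
                a, b, c, d = d, t, b, c               # register rotation between steps
        A, B, C, D = (A + a) & MASK, (B + b) & MASK, (C + c) & MASK, (D + d) & MASK
    return struct.pack("<4I", A, B, C, D)


def nt_hash(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)); this is what SAM, NTDS.dit and LSASS hold."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2 (MS-NLMP 3.3.2): keyed on the NT hash, the password is never an input."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def ntlmv2_blob(client_challenge: bytes, timestamp: bytes = b"\x00" * 8, target_info: bytes = b"") -> bytes:
    """The 'temp' structure from MS-NLMP 3.3.2. timestamp and target_info are
    placeholders here; a real client sends a FILETIME and the server's AV_PAIR list."""
    return b"\x01\x01" + b"\x00" * 6 + timestamp + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4


def ntlmv2_proof(nt: bytes, user: str, domain: str, server_challenge: bytes, blob: bytes) -> bytes:
    """NtProofStr = HMAC_MD5(NTOWFv2, ServerChallenge || temp)."""
    return hmac.new(ntowf_v2(nt, user, domain), server_challenge + blob, hashlib.md5).digest()


def server_verifies(stored_nt: bytes, user: str, domain: str,
                    server_challenge: bytes, blob: bytes, proof: bytes) -> bool:
    """The server/DC recomputes the proof from the NT hash it stores and compares."""
    expected = ntlmv2_proof(stored_nt, user, domain, server_challenge, blob)
    return hmac.compare_digest(expected, proof)


def demo() -> dict:
    user, domain, password = "lkisaka", "ORB.local", "Password1"   # values from the page
    stored_nt = nt_hash(password)                                   # what the DC keeps
    server_challenge = bytes.fromhex("0123456789abcdef")            # constructed
    blob = ntlmv2_blob(bytes.fromhex("fedcba9876543210"))           # constructed client challenge

    # 1. Legitimate client: hashes the typed password, then answers the challenge.
    legit = ntlmv2_proof(nt_hash(password), user, domain, server_challenge, blob)

    # 2. Pass the hash: attacker parses a secretsdump-style line (constructed here,
    #    LM field is the empty-LM value) and answers with the hash alone.
    dumped = f"{domain}\\{user}:1105:aad3b435b51404eeaad3b435b51404ee:{stored_nt.hex()}:::"
    stolen_nt = bytes.fromhex(dumped.split(":")[3])
    pth = ntlmv2_proof(stolen_nt, user, domain, server_challenge, blob)

    # 3. A wrong hash (a guessed password) fails the same server-side check.
    wrong = ntlmv2_proof(nt_hash("Password2"), user, domain, server_challenge, blob)

    return {
        "nt_hash": stored_nt.hex(),
        "legit_ok": server_verifies(stored_nt, user, domain, server_challenge, blob, legit),
        "pth_ok": server_verifies(stored_nt, user, domain, server_challenge, blob, pth),
        "wrong_ok": server_verifies(stored_nt, user, domain, server_challenge, blob, wrong),
    }


if __name__ == "__main__":
    print(demo())
```

The hex string in the fourth field of the dump line is exactly what you would hand to a tool in place of the password: the server cannot distinguish case 1 from case 2, which is why rotating the password (changing the stored NT hash) is the only thing that invalidates a stolen hash.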
To pass the hash or the password, and to scan the network for hosts that accept them, we're going to use https://github.com/mpgn/CrackMapExec.
<aside>
At least when it is installed with pipx, CrackMapExec can be run as either crackmapexec or cme.
</aside>
<aside>
Here we only use the smb protocol, but looking at the results of the other protocols, such as winrm, can be useful too!
</aside>
First, we might want to scan the network to find which hosts accept these credentials.
crackmapexec smb 192.168.138.0/24 -u lkisaka -d ORB.local -p Password1
smb: the selected protocol
192.168.138.0/24: we scan an entire network here, but a single target can be given instead
-u: the user
-d: the domain
-p: the password (to pass the hash instead, replace -p with -H followed by the NT hash)
<aside>
Note: the machines marked Pwn3d! are those where the supplied credentials have administrative rights, so they can be looted with those same credentials.
</aside>