Metasploit mailing list archives
Re: Pass the hash attack doubt?
From: scriptjunkie <scriptjunkie1 () googlemail com>
Date: Sun, 12 Sep 2010 15:20:27 -0400
If you really want to know how something works, I recommend reading the source, running the module while watching the network traffic in Wireshark, etc.
From the psexec source, how the metasploit module works (and probably the Microsoft tool too) is to open the admin share and drop the payload, then create, run, and delete a service of the payload. This is done by calling the following functions over RPC: OpenSCManager, CreateService, CloseHandle, OpenService, StartService, and finally DeleteService and CloseHandle again to clean up.

On Sun, Sep 12, 2010 at 8:33 AM, John Nash <rootsecurityfreak () gmail com> wrote:

I was just successful in conducting a pass the hash attack but I have a couple of questions regarding the internals. AFAIK SMB allows access to file shares, printers etc. but cannot be used for command execution on the remote computer directly. Is this correct? I know psexec does the magic somehow ... but I am not clear exactly how it works? Can someone please clarify? I don't want to use an attack without knowing the inner details :)

rgds,
JN
-- scriptjunkie https://scriptjunkie1.wordpress.com/
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
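The sequence scriptjunkie describes, written out as an added example (this is not Metasploit's psexec module or any of its code): upload the payload to the admin share, then drive the remote Service Control Manager with exactly the MS-SCMR calls listed in the reply, closing handles and removing the service even when a call fails. `FakeScm` is a constructed in-memory stand-in for the target's SCM and ADMIN$ share so the script runs offline and records the order of RPC calls; `run_via_service` is the orchestration a real client would perform against the live pipe.

```python
"""psexec-style execution as described in the post: drop the payload on the
admin share, then OpenSCManager, CreateService, CloseHandle, OpenService,
StartService, DeleteService, CloseHandle over MS-SCMR.  Added example, not
Metasploit's module; FakeScm is an offline stand-in for the remote SCM and
ADMIN$ share that records the RPC call order."""
import itertools


class ScmError(Exception):
    pass


class FakeScm:
    """In-memory SCM plus ADMIN$ share; logs every RPC call by name."""

    def __init__(self):
        self.calls, self.services, self.started, self.share = [], {}, [], {}
        self.handles = {}         # handle -> service name (None for the SCM)
        self._ids = itertools.count(1)

    def _handle(self, name=None):
        h = next(self._ids)
        self.handles[h] = name
        return h

    def put_file(self, name, data):
        self.share[name] = data

    def delete_file(self, name):
        del self.share[name]

    def open_sc_manager(self):
        self.calls.append("OpenSCManager")
        return self._handle()

    def create_service(self, hscm, name, path):
        self.calls.append("CreateService")
        if hscm not in self.handles or name in self.services:
            raise ScmError("CreateService failed")
        self.services[name] = path
        return self._handle(name)

    def open_service(self, hscm, name):
        self.calls.append("OpenService")
        if hscm not in self.handles or name not in self.services:
            raise ScmError("OpenService failed")
        return self._handle(name)

    def start_service(self, hsvc):
        self.calls.append("StartService")
        self.started.append(self.services[self.handles[hsvc]])
        # A plain exe with no service stub never reports SERVICE_RUNNING, so a
        # real StartService tends to time out although the code already ran.
        raise ScmError("ERROR_SERVICE_REQUEST_TIMEOUT")

    def delete_service(self, hsvc):
        self.calls.append("DeleteService")
        del self.services[self.handles[hsvc]]

    def close_handle(self, h):
        self.calls.append("CloseHandle")
        del self.handles[h]


def run_via_service(scm, svc_name, exe_name, payload):
    """Upload, execute through a throwaway service, clean up.  Returns the
    binary path the SCM was asked to start."""
    scm.put_file(exe_name, payload)
    path = "%SystemRoot%\\" + exe_name   # ADMIN$ is the Windows directory
    try:
        hscm = scm.open_sc_manager()
        try:
            hsvc = scm.create_service(hscm, svc_name, path)
            scm.close_handle(hsvc)
            hsvc = scm.open_service(hscm, svc_name)
            try:
                try:
                    scm.start_service(hsvc)
                except ScmError:
                    pass                 # payload launched; timeout is expected
                scm.delete_service(hsvc)  # marks the service for removal
            finally:
                scm.close_handle(hsvc)
        finally:
            scm.close_handle(hscm)       # always close, even after a failure
    finally:
        scm.delete_file(exe_name)        # may fail while the image is in use
    return path


if __name__ == "__main__":
    scm = FakeScm()
    print(run_via_service(scm, "msfsvc", "payload.exe", b"MZ\x90\x00"))
    print(" -> ".join(scm.calls))
```

Against a real host the same six methods map one-to-one onto the MS-SCMR operations named in the reply (my assumption about impacket's API: `scmr.hROpenSCManagerW`, `hRCreateServiceW`, `hROpenServiceW`, `hRStartServiceW`, `hRDeleteService` and `hRCloseServiceHandle` over the `\svcctl` pipe, with `SMBConnection.putFile('ADMIN$', ...)` for the upload). Note that nothing here involves the credential: the SMB session is authenticated before the share is opened, which is why a hash is as good as a password for this technique.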
Current thread:
- Pass the hash attack doubt? John Nash (Sep 12)
- Re: Pass the hash attack doubt? scriptjunkie (Sep 12)