PaulDotCom mailing list archives
Re: Pass the hash for computer accounts?
From: David Porcello <DPorcello () vermontmutual com>
Date: Mon, 22 Nov 2010 16:17:17 -0500
Yes, I realize there are many ways to do this with *user* account hashes, but I'm looking for a way to relay or pass *computer* account hashes within a windows domain. Basically I'm trying to "steal" the machine credentials from one computer and inject them into an off-domain PC to obtain domain membership. I can use PSHtoolkit to extract the machine account password hash in this format: ComputerName$:Domain:LMHash:NTLMHash (Note the $). Just not sure where to go from there. PHstoolkit, meterpreter, and Samba let you inject NTLM hashes for user accounts, but I can't find any way to do this for machine accounts. -----Original Message----- From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Ryan Sears Sent: Monday, November 22, 2010 12:55 PM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Pass the hash for computer accounts? What exactly do you mean? Is Pass-The-Hash still a viable vector of attack? Yes. Very much so actually. Spoofing domain membership requires you to manipulate your network tokens, or steal someone else's who's logged into a machine you have SYSTEM level access to. Think of them like web session cookies. Delicious, delicious session cookies. :) As for actual exploitation, you can find modified versions of SMBClient, or just use Meta$ploit (for great justice). You're going to have to figure the rest out on your own. BTW vermontmutual.com reeks of sketchy. Just sayin. RS ----- Original Message ----- From: "David Porcello" <DPorcello () vermontmutual com> To: "PaulDotCom Security Weekly Mailing List" <pauldotcom () mail pauldotcom com> Sent: Monday, November 22, 2010 10:20:54 AM GMT -05:00 US/Canada Eastern Subject: [Pauldotcom] Pass the hash for computer accounts? Is it possible to relay or pass Windows machine account password hashes in the same manner as SMBrelay or pshtoolkit does for user account hashes? I’m trying to spoof domain membership using an extracted machine account password hash. Dave. ________________________________ NOTICE: The information contained in this e-mail and any attachments is intended solely for the recipient(s) named above, and may be confidential and legally privileged. If you received this e-mail in error, please notify the sender immediately by return e-mail and delete the original message and any copy of it from your computer system. If you are not the intended recipient, you are hereby notified that any review, disclosure, retransmission, dissemination, distribution, copying, or other use of this e-mail, or any of its contents, is strictly prohibited. Although this e-mail and any attachments are believed to be free of any virus or other defects, it is the responsibility of the recipient to ensure that it is virus-free and no responsibility is accepted by the sender for any loss or damage arising if such a virus or defect exists. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Pass the hash for computer accounts? David Porcello (Nov 22)
- Re: Pass the hash for computer accounts? Ryan Sears (Nov 22)
- Re: Pass the hash for computer accounts? David Porcello (Nov 22)
- Re: Pass the hash for computer accounts? Jonathan Cran (Nov 22)
- Re: Pass the hash for computer accounts? Ryan Sears (Nov 22)