Metasploit mailing list archives

Re: Pass the hash attack doubt?


From: scriptjunkie <scriptjunkie1 () googlemail com>
Date: Sun, 12 Sep 2010 15:20:27 -0400

If you really want to know how something works, I recommend reading the
source, running the module while watching the network traffic in Wireshark,
etc.
From the psexec source, how the metasploit module works (and probably the
Microsoft tool too) is to open the admin share and drop the payload, then
create, run, and delete a service of the payload. This is done by calling
the following functions over RPC: OpenSCManager, CreateService, CloseHandle,
OpenService, StartService, and finally DeleteService and CloseHandle again
to clean up.

On Sun, Sep 12, 2010 at 8:33 AM, John Nash <rootsecurityfreak () gmail com> wrote:

I was just successful in conducting a pass the hash attack but I have a
couple of questions regarding the internals -

AFAIK SMB allows access to file shares, printers etc. but cannot be used
for command execution on the remote computer directly. Is this correct?

I know psexec does the magic somehow ... but I am not clear exactly how it
works. Can someone please clarify?

I don't want to use an attack without knowing the inner details :)

rgds,

JN

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

-- 
scriptjunkie
https://scriptjunkie1.wordpress.com/
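The sequence scriptjunkie describes (payload dropped on the admin share, then a service created, started and deleted through the Service Control Manager) leaves a recognisable trace in the Windows System log: a 7045 "service was installed" event whose image path points at ADMIN$ or straight into the Windows directory, followed within seconds by a 7036 "entered the stopped state" event for the same service. The script below is an added example, not code from the original thread or from the Metasploit project, that flags that pattern over a handful of constructed log lines. The log format (timestamp, event id, service name, detail) is a simplification assumed for the example, and the service names and paths in the sample are made up; only the event ids 7045 and 7036 and the ADMIN$ to %SystemRoot% mapping are taken from how Windows actually behaves.

```python
"""Flag service installs that look like the psexec-style drop/create/run/delete
pattern described in the thread.  All sample log lines are constructed."""
import re
from datetime import datetime, timedelta

# Constructed records in a simplified shape of Windows System log events:
# timestamp | event id | service name | detail (image path for 7045,
# new state for 7036).  Names and paths are invented for the example.
SAMPLE_LOG = r"""
2010-09-12T15:20:01|7045|wuauserv|C:\Windows\system32\svchost.exe -k netsvcs
2010-09-12T15:20:05|7045|XqZkwTpr|\\127.0.0.1\ADMIN$\ZkDwQrLp.exe
2010-09-12T15:20:06|7036|XqZkwTpr|running
2010-09-12T15:20:09|7036|XqZkwTpr|stopped
2010-09-12T15:21:00|7045|PSEXESVC|C:\Windows\PSEXESVC.exe
2010-09-12T15:25:00|7045|MyBackupAgent|C:\Program Files\Backup\agent.exe
"""

# Image path registered as a UNC path to the ADMIN$ share of any host.
ADMIN_SHARE_RE = re.compile(r"^\\\\[^\\]+\\ADMIN\$\\", re.IGNORECASE)
# ADMIN$ maps to %SystemRoot%, so a file written through the share shows up
# as an executable sitting directly in C:\Windows (not in a subdirectory).
WINROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\Windows\\[^\\]+\.exe$", re.IGNORECASE)

SHORT_LIFE = timedelta(seconds=60)


def parse(log_text):
    """Turn the pipe-separated sample lines into (time, event_id, name, detail)."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, eid, name, detail = line.split("|", 3)
        records.append((datetime.fromisoformat(ts), int(eid), name, detail))
    return records


def suspicious_path(image_path):
    """Reasons why a 7045 image path matches the drop-on-admin-share pattern."""
    reasons = []
    if ADMIN_SHARE_RE.search(image_path):
        reasons.append("image path on ADMIN$ share")
    if WINROOT_EXE_RE.search(image_path):
        reasons.append("executable dropped directly in %SystemRoot%")
    return reasons


def short_lived(records, name, installed_at, window=SHORT_LIFE):
    """True if the service reached 'stopped' within `window` of being installed,
    which is what a run-once payload service looks like."""
    for ts, eid, svc, detail in records:
        if (svc == name and eid == 7036 and detail == "stopped"
                and installed_at <= ts <= installed_at + window):
            return True
    return False


def find_psexec_like(log_text):
    """Return [(service_name, [reasons])] for every 7045 that trips a heuristic."""
    records = parse(log_text)
    findings = []
    for ts, eid, name, detail in records:
        if eid != 7045:
            continue
        reasons = suspicious_path(detail)
        if short_lived(records, name, ts):
            reasons.append("service stopped within 60s of install")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in find_psexec_like(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```

Both heuristics are deliberately cheap so they can run over a SIEM export; a real deployment would pair them with the Security log's service-installation auditing and with SMB write telemetry for the share itself, and would whitelist legitimate installers that drop a helper service into the Windows directory.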