Underrated Tool for Pass-the-Hash [Evil-WinRM]
A Pass-the-Hash (PtH) attack is a technique whereby an attacker captures a password hash (as opposed to the password characters) and then simply passes it through for authentication and potentially lateral access to other networked systems.
Suppose we are attacking a Windows Server and somehow obtain the credentials of the Admin account. We are able to fetch the username in plain text, but the password is only available as a hash. We already know that the target machine is Windows, so we know that the password hash is an NTLM hash.
Now we have two methods to get into the admin account:
- Crack the hash using hashcat or some other tool to obtain the plain-text password, which can take a very long time depending on the password complexity.
- Use the NTLM hash directly to get into the admin account.
This is where the tool Evil-WinRM comes into the picture.
This tool can be used against any Microsoft Windows server with the WinRM (Windows Remote Management) service enabled (usually on port 5985), of course only if you have credentials and permissions to use it.
To install Evil-WinRM on Linux:
gem install evil-winrm
Usage
- To log in with a hash:
evil-winrm -i <IP> -u <user_name> -H <hash>
This tool has many other options worth checking out.
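The defender's counterpart to the hash-based login above, as an added example that is not part of the original post: a small Python detector run over constructed Windows Security 4624 records that flags NTLM network logons by privileged accounts from unexpected sources, which is the trace a WinRM login with an NTLM hash leaves on the target. The account and source watchlists and the sample records are assumptions made for this example.

```python
"""Heuristic detection of NTLM pass-the-hash style network logons.
Added example, not code from the original post. Scans constructed Windows
Security 4624 records and flags LogonType 3 logons authenticated with NTLM
for a privileged account from a source outside an allowlist.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    account: str
    source_ip: str
    target_host: str

# Assumed watchlists (constructed for this example): privileged accounts and
# the hosts from which they are expected to open remote sessions.
PRIVILEGED_ACCOUNTS = {"administrator", "svc_backup"}
ALLOWED_ADMIN_SOURCES = {"10.0.0.5"}

def flag_ntlm_network_logons(events, privileged=PRIVILEGED_ACCOUNTS,
                             allowed_sources=ALLOWED_ADMIN_SOURCES):
    """Return a Finding for each 4624 event that looks like PtH over the network."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4624 or ev.get("LogonType") != 3:
            continue  # only successful network logons (WinRM, SMB, ...)
        if ev.get("AuthenticationPackageName") != "NTLM":
            continue  # Kerberos is the expected package inside a domain
        account = ev.get("TargetUserName", "").lower()
        src = ev.get("IpAddress", "-")
        if account in privileged and src not in allowed_sources:
            findings.append(Finding(account, src, ev.get("Computer", "?")))
    return findings

# Constructed sample events: suspicious, Kerberos, interactive, allowlisted.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "Administrator", "IpAddress": "10.0.0.77", "Computer": "SRV01"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "TargetUserName": "Administrator", "IpAddress": "10.0.0.9", "Computer": "SRV01"},
    {"EventID": 4624, "LogonType": 2, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "alice", "IpAddress": "127.0.0.1", "Computer": "SRV01"},
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "Administrator", "IpAddress": "10.0.0.5", "Computer": "SRV01"},
]

if __name__ == "__main__":
    for finding in flag_ntlm_network_logons(SAMPLE_EVENTS):
        print(f"suspicious: {finding}")
```

This is a heuristic: NTLM network logons also occur legitimately, so the allowlist must be tuned to the environment before the output is treated as an alert.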