Oct 282019
 

Dont ask about the name : yes it does not mean much but this is all I got so far…

A tribute to https://github.com/gentilkiwi/mimikatz
And generally speaking a tool to handle windows passwords and perform lateral movement.
https://attack.mitre.org/matrices/enterprise/windows/ is definitely worth reading as well.

Source code on github here.

Command line so far:

Command line as below:
NTHASH /setntlm [/server:hostname] /user:username /newhash:xxx
NTHASH /setntlm [/server:hostname] /user:username /newpwd:xxx
NTHASH /changentlm [/server:hostname] /user:username /oldpwd:xxx /newpwd:xxx
NTHASH /changentlm [/server:hostname] /user:username /oldhash:xxx /newpwd:xxx
NTHASH /changentlm [/server:hostname] /user:username /oldpwd:xxx /newhash:xxx
NTHASH /changentlm [/server:hostname] /user:username /oldhash:xxx /newhash:xxx
NTHASH /gethash /password:password
NTHASH /getsid /user:username [/server:hostname]
NTHASH /getusers [/server:hostname]
NTHASH /getdomains [/server:hostname
NTHASH /dumpsam
NTHASH /dumphashes [/offline]
NTHASH /dumphash /rid:123 [/offline]
NTHASH /getsamkey [/offline]
NTHASH /getsyskey [/offline]
NTHASH /getlsakeys
NTHASH /wdigest
NTHASH /logonpasswords
NTHASH /pth /user:username /password:myhash /domain:mydomain
NTHASH /enumcred
NTHASH /enumcred2
NTHASH /enumvault
NTHASH /chrome [/binary:path_to_database]
NTHASH /firefox [/binary:path_to_database]
NTHASH /cryptunprotectdata /binary:filename
NTHASH /cryptunprotectdata /input:string
NTHASH /cryptprotectdata /input:string
NTHASH /runasuser /user:username /password:password [/binary: x:\folder\bin.exe]
NTHASH /runastoken /pid:12345 [/binary: x:\folder\bin.exe]
NTHASH /runaschild /pid:12345 [/binary: x:\folder\bin.exe]
NTHASH /runas [/binary: x:\folder\bin.exe]
NTHASH /runts /user:session_id [/binary: x:\folder\bin.exe]
NTHASH /runwmi /binary:c:\folder\bin.exe [/server:hostname]
NTHASH /enumpriv
NTHASH /dumpprocess /pid:12345
NTHASH /bytetostring /input:hexabytes
NTHASH /stringtobyte /input:string
NTHASH /base64encodew /input:string
NTHASH /base64encode /input:string
NTHASH /base64decode /input:base64string
NTHASH /a_command /verbose
NTHASH /a_command /system

1
Poster un Commentaire

avatar
1 Fils de commentaires
0 Réponses de fil
0 Abonnés
 
Commentaire avec le plus de réactions
Le plus populaire des commentaires
0 Auteurs du commentaire
Auteurs de commentaires récents

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.

  S’abonner  
le plus récent le plus ancien
Notifier de
trackback

[…] previous article on NTHASH, lets see how to perform PTH (pass the […]