Oct 282019
 

Dont ask about the name : yes it does not mean much but this is all I got so far…

A tribute to https://github.com/gentilkiwi/mimikatz
And generally speaking a tool to handle windows passwords and perform lateral movement.
https://attack.mitre.org/matrices/enterprise/windows/ is definitely worth reading as well.

Source code on github here.

Command line so far:

Command line as below:
NTHASH /setntlm [/server:hostname] /user:username /newhash:xxx
NTHASH /setntlm [/server:hostname] /user:username /newpwd:xxx
NTHASH /changentlm [/server:hostname] /user:username /oldpwd:xxx /newpwd:xxx
NTHASH /changentlm [/server:hostname] /user:username /oldhash:xxx /newpwd:xxx
NTHASH /changentlm [/server:hostname] /user:username /oldpwd:xxx /newhash:xxx
NTHASH /changentlm [/server:hostname] /user:username /oldhash:xxx /newhash:xxx
NTHASH /gethash /password:password
NTHASH /getsid /user:username [/server:hostname]
NTHASH /getusers [/server:hostname]
NTHASH /getdomains [/server:hostname
NTHASH /dumpsam
NTHASH /dumphashes [/offline]
NTHASH /dumphash /rid:123 [/offline]
NTHASH /getsamkey [/offline]
NTHASH /getsyskey [/offline]
NTHASH /getlsakeys
NTHASH /wdigest
NTHASH /logonpasswords
NTHASH /pth /user:username /password:myhash /domain:mydomain
NTHASH /enumcred
NTHASH /enumcred2
NTHASH /enumvault
NTHASH /chrome [/binary:path_to_database]
NTHASH /firefox [/binary:path_to_database]
NTHASH /cryptunprotectdata /binary:filename
NTHASH /cryptunprotectdata /input:string
NTHASH /cryptprotectdata /input:string
NTHASH /runasuser /user:username /password:password [/binary: x:\folder\bin.exe]
NTHASH /runastoken /pid:12345 [/binary: x:\folder\bin.exe]
NTHASH /runaschild /pid:12345 [/binary: x:\folder\bin.exe]
NTHASH /runas [/binary: x:\folder\bin.exe]
NTHASH /runts /user:session_id [/binary: x:\folder\bin.exe]
NTHASH /runwmi /binary:c:\folder\bin.exe [/server:hostname]
NTHASH /enumpriv
NTHASH /dumpprocess /pid:12345
NTHASH /bytetostring /input:hexabytes
NTHASH /stringtobyte /input:string
NTHASH /base64encodew /input:string
NTHASH /base64encode /input:string
NTHASH /base64decode /input:base64string
NTHASH /a_command /verbose
NTHASH /a_command /system

  One Response to “NTHASH”

  1. […] previous article on NTHASH, lets see how to perform PTH (pass the […]

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.