Pass the hash

  1. #1
    Member
    Join Date
    Oct 2002
    Posts
    52

    Pass the hash

    I have set up a domain environment in VMware with Windows XP SP2 and Windows 2003 Server. I'm trying to pass the hash to elevate my privileges. I've logged into XP and have administrative privileges and can get hashes for domain accounts along with local accounts.

    I have tried 2 tools, pass the hash toolkit and msvctl. With both I provide the username and hashes (LM and NTLM) and run cmd. In that new command prompt I try to map a network drive, but when I do it asks for a password, so it looks like it is working somewhat but not completely. When I go to the task manager to see who owns the process, it is the logged in user and not the elevated user. I've tried doing it with the local administrator but it is still owned by the local user.

    Any thoughts on why it's not working?

  2. #2
    Banned
    Join Date
    Nov 2002
    Posts
    677
    This page might give you a clue. You probably want to jump to steps 5-7.

    http://carnal0wnage.blogspot.com/200...sh-action.html

  3. #3
    Member
    Join Date
    Oct 2002
    Posts
    52
    Thanks, but I had already found that blog. It appears that is working; it opens the new command prompt, but I get invalid password when trying to map the drive, and I have given the elevated user rights to the share and have confirmed that they can view it by logging into the system with that account.

  4. #4
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Hi Keith,

    Maybe one of these videos will help?

    http://vimeo.com/videos/search:pass%20the%20hash


    [maybe I am blind, but where is the option to disable smilies?]
    Last edited by nihil; December 23rd, 2009 at 12:02 AM.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  5. #5
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Quote Originally Posted by westin View Post
    Hi Keith,

    Maybe one of these videos will help?

    http://vimeo.com/videos/search:pass%20the%20hash


    [maybe I am blind, but where is the option to disable smilies?]

    in the Additional Options area when you click the Reply button.

  6. #6
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Quote Originally Posted by t34b4g5 View Post
    in the Additional Options area when you click the Reply button.
    hmm... I don't seem to have that option...
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  7. #7
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    659
    If it was a problem with the 'Virtuality' of the scenario - Ensure the virtual switch/network is configured correctly, and that typical IP traffic is successfully going to and from each VM?

    Just a thought no one else has mentioned such - I have witnessed some strange network issues with vmware, such as traffic only flowing from workstation to server, but not the other way etc.
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  8. #8
    Member
    Join Date
    Oct 2002
    Posts
    52
    Quote Originally Posted by CybertecOne View Post
    If it was a problem with the 'Virtuality' of the scenario - Ensure the virtual switch/network is configured correctly, and that typical IP traffic is successfully going to and from each VM?

    Just a thought no one else has mentioned such - I have witnessed some strange network issues with vmware, such as traffic only flowing from workstation to server, but not the other way etc.
    Interesting.... I don't think it is that though. I tried it on my local machine and was just opening another command prompt with another user, but in task manager it still shows up as the original account. Shouldn't it show up as the other account?

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Hi westin,

    I fixed your post for you
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Quote Originally Posted by nihil View Post
    Hi westin,

    I fixed your post for you
    Much appreciated Nihil.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST
