I have set up a domain environment in VMware with Windows XP SP2 and Windows 2003 Server. I'm trying to pass the hash to elevate my privileges. I've logged into XP and have administrative privileges and can get hashes for domain accounts along with local accounts.
I have tried 2 tools, the Pass the Hash Toolkit and msvctl. With both I provide the username and hashes (LM and NTLM) and run cmd. In that new command prompt I try to map a network drive, but when I do it asks for a password, so it looks like it is working somewhat but not completely. When I go to the task manager to see who owns the process, it is the logged-in user and not the elevated user. I've tried doing it with the local administrator, but it is still owned by the local user.
Thanks, but I had already found that blog. It appears that it is working: it opens the new command prompt, but I get "invalid password" when trying to map the drive, and I have given the elevated user rights to the share and have confirmed that they can view it by logging into the system with that account.
If it was a problem with the 'Virtuality' of the scenario - ensure the virtual switch/network is configured correctly, and that typical IP traffic is successfully going to and from each VM?
Just a thought, as no one else has mentioned it - I have witnessed some strange network issues with VMware, such as traffic only flowing from workstation to server but not the other way, etc.
"Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
- Albert Einstein
Interesting... I don't think it is that, though. I tried it on my local machine and was just opening another command prompt with another user, but in task manager it still shows up as the original account. Shouldn't it show up as the other account?