NTLMv1 and NTLMv2 can be relayed to connect to another machine.

| Hash | Hashcat mode | Attack method |
| --- | --- | --- |
| LM | 3000 | crack/pass the hash |
| NTLM/NTHash | 1000 | crack/pass the hash |
| NTLMv1/Net-NTLMv1 | 5500 | crack/relay |

DCOM is an extension of COM (Component Object Model), which allows applications to instantiate and access the properties and methods of COM objects on a remote computer. Impacket
The types of hashes you can use with Pass-The-Hash are NT or NTLM hashes. Since Windows Vista, attackers have been unable to pass-the-hash to local admin accounts that
In this technique, instead of passing the hash directly, we use the NT hash of an account to request a valid Kerberos ticket (TGT). Using impacket root@kali:~$ python
Capturing and cracking Net-NTLMv1/NTLMv1 hashes/tokens
Net-NTLMv1 (NTLMv1) authentication tokens are used for network authentication (they are derived from a challenge/response DES-based algorithm with the user’s NT-hash as symmetric
Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates. You can use WSUS to fully manage the distribution of updates that
Application Deployment SCCM is a solution from Microsoft to enhance administration in a scalable way across an organisation. PowerSCCM – PowerShell module to interact with SCCM deployments MalSCCM
Kerberos Clock Synchronization
In Kerberos, time is used to ensure that tickets are valid. To achieve this, the clocks of all Kerberos clients and servers in a realm
Timeroasting takes advantage of Windows’ NTP authentication mechanism, allowing unauthenticated attackers to effectively request a password hash of any computer account by sending an NTP request with that
« A service principal name (SPN) is a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon