Invoke-TheHash: PowerShell Pass The Hash Utils – Penetration Testing

Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB tasks. WMI and SMB services are accessed through .NET TCPClient connections. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.

Requirements

Minimum PowerShell 2.0

Import

Import-Module ./Invoke-TheHash.psd1

or

. ./Invoke-WMIExec.ps1
. ./Invoke-SMBExec.ps1
. ./Invoke-SMBClient.ps1
. ./Invoke-TheHash.ps1

Functions

Invoke-WMIExec

Invoke-SMBExec

Invoke-SMBClient

Invoke-TheHash

ConvertTo-TargetList

Invoke-WMIExec

WMI command execution function.

Parameters:

Target – Hostname or IP address of target.

Username – Username to use for authentication.

Domain – Domain to use for authentication. This parameter is not needed with local accounts or when using @domain after the username.

Hash – NTLM password hash for authentication. This function will accept either LM:NTLM or NTLM format.

Command – Command to execute on the target. If a command is not specified, the function will just check whether the username and hash have access to WMI on the target.

Sleep – Default = 10 Milliseconds: Sets the function’s Start-Sleep values in milliseconds.

Example:

Invoke-WMIExec -Target 192.168.100.20 -Domain TESTDOMAIN -Username TEST -Hash F6F38B793DB6A94BA04A52F1D3EE92F0 -Command "command or launcher to execute" -verbose

Invoke-SMBExec

SMB (PsExec) command execution function supporting SMB1, SMB2 (2.1), and SMB signing.

Parameters:

Target – Hostname or IP address of target.

Username – Username to use for authentication.

Domain – Domain to use for authentication. This parameter is not needed with local accounts or when using @domain after the username.

Hash – NTLM password hash for authentication. This function will accept either LM:NTLM or NTLM format.

Command – Command to execute on the target. If a command is not specified, the function will just check whether the username and hash have access to SCM on the target.

CommandCOMSPEC – Default = Enabled: Prepend %COMSPEC% /C to Command.

Service – Default = 20 Character Random: Name of the service to create and delete on the target.

SMB1 – (Switch) Force SMB1. The default behavior is to perform SMB version negotiation and use SMB2 if supported by the target.

Sleep – Default = 150 Milliseconds: Sets the function’s Start-Sleep values in milliseconds.

Example:

Invoke-SMBExec -Target 192.168.100.20 -Domain TESTDOMAIN -Username TEST -Hash F6F38B793DB6A94BA04A52F1D3EE92F0 -Command "command or launcher to execute" -verbose
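
A defender-side check built from the Invoke-SMBExec defaults listed above (a 20-character random service name and a command prefixed with %COMSPEC% /C), run over service-install records. This is an added example, not code from the original post or the Invoke-TheHash project; the function name Test-SmbExecDefaultService, the sample records and the letters-only name pattern are assumptions.

```powershell
# Added example: heuristic for service-install records (System log, event ID 7045)
# that match the Invoke-SMBExec defaults documented above.
# Assumption: the "20 Character Random" name consists of letters only; widen the
# pattern if testing in your environment shows other characters.
function Test-SmbExecDefaultService {
    param(
        [string] $ServiceName,
        [string] $ImagePath
    )
    # Exactly 20 letters, nothing else.
    $nameMatches = $ServiceName -cmatch '^[A-Za-z]{20}$'
    # Service path that starts with the literal, unexpanded %COMSPEC% /C prefix.
    $pathMatches = $ImagePath -match '^\s*%COMSPEC%\s+/C\s'
    return ($nameMatches -and $pathMatches)
}

# Constructed sample records (not real telemetry).
$sampleEvents = @(
    [pscustomobject]@{ Computer = 'FS01';  ServiceName = 'QWJZKXPLMNBVCTYUIOAS'
                       ImagePath = '%COMSPEC% /C echo constructed-sample' },
    [pscustomobject]@{ Computer = 'FS01';  ServiceName = 'WinDefend'
                       ImagePath = '"C:\Program Files\Windows Defender\MsMpEng.exe"' },
    [pscustomobject]@{ Computer = 'APP02'; ServiceName = 'BackupAgentUpdaterSvc'
                       ImagePath = '%COMSPEC% /C C:\Tools\update.cmd' }
)

# Keep only the records where both the name and the path fit the defaults.
$hits = $sampleEvents | Where-Object {
    Test-SmbExecDefaultService -ServiceName $_.ServiceName -ImagePath $_.ImagePath
}
$hits | Format-Table Computer, ServiceName, ImagePath -AutoSize

# Live use (assumes the usual 7045 field order: [0] service name, [1] image path):
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } | ForEach-Object {
#     [pscustomobject]@{ Computer    = $_.MachineName
#                        ServiceName = $_.Properties[0].Value
#                        ImagePath   = $_.Properties[1].Value }
# } | Where-Object {
#     Test-SmbExecDefaultService -ServiceName $_.ServiceName -ImagePath $_.ImagePath
# }
```

Both defaults can be overridden with the Service and CommandCOMSPEC parameters, so a match is a lead for triage and an empty result does not rule the technique out.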

The post Invoke-TheHash: PowerShell Pass The Hash Utils appeared first on Penetration Testing.
