
Sep 06

Strategicsec Pentester Candidate Program

Metasploit PsExec pass-the-hash attack demonstration:

1. Open the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
2. Add a new DWORD (32-bit) value named LocalAccountTokenFilterPolicy and set it to 1

The same change as a regini script (regini.exe reads the key path and the indented value line from a script file, not from the command line):

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
    LocalAccountTokenFilterPolicy = REG_DWORD 1

Or with reg.exe from a command prompt:

C:\Windows\system32>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1
The operation completed successfully.
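From the defender's side, the value set above is exactly the one to audit: when LocalAccountTokenFilterPolicy is 1, remote UAC token filtering is disabled and a local administrator's network logon (such as the SMB session PsExec uses) receives a full administrative token. The PowerShell below is an added example, not code from the post or from Strategicsec; the function names and the decision to reset the value to 0 (the Windows default behaviour) are my own choices.

```powershell
# Added example: audit and optionally reset LocalAccountTokenFilterPolicy.
# Missing or 0 = remote UAC token filtering on (Windows default, local admin
# network logons get a filtered token). 1 = filtering off, as set in the post.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'LocalAccountTokenFilterPolicy'

function Get-TokenFilterStatus {
    # Get-ItemProperty returns $null when the value does not exist
    $item  = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $value = if ($null -eq $item) { $null } else { $item.$ValueName }
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        Value            = $value
        FilteringEnabled = ($null -eq $value) -or ($value -eq 0)
    }
}

function Repair-TokenFilterPolicy {
    # Supports -WhatIf so the change can be previewed before it is applied
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $status = Get-TokenFilterStatus
    if ($status.FilteringEnabled) {
        Write-Output "OK: remote UAC token filtering is enabled on $($status.Computer)."
        return
    }
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set to 0')) {
        # Explicitly set 0 rather than deleting, so the intent is visible in the registry
        Set-ItemProperty -Path $KeyPath -Name $ValueName -Value 0 -Type DWord
        Write-Output "Fixed: $ValueName set to 0 on $($status.Computer); token filtering restored."
    }
}

Get-TokenFilterStatus | Format-List
Repair-TokenFilterPolicy -WhatIf   # drop -WhatIf to apply the change
```

Note that this value only governs local accounts other than the built-in RID 500 Administrator (which is exempt unless FilterAdministratorToken is set) and has no effect on domain accounts; in a domain the value is often delivered by Group Policy, so check the policy source before changing it on a single host.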

I first used the existing shell to get a Windows command prompt shell:

After I added the registry value above and changed the registry value, I added a different user named "bedri" and successfully performed the pass-the-hash attack, as shown in the images below:

[Image: PSExec]

[Image: psexec2]

Thanks to Joseph McCray.

References:

http://www.rebootuser.com/?p=1268
https://www.offensive-security.com/metasploit-unleashed/interacting-registry/
http://www.strategicsec.com
