How to Perform a Pass-the-Hash Attack & Get System Access on Windows

Passwords on Windows are stored as hashes, and sometimes they can be tough to crack. In certain situations, though, we can get around that by using the hash as is, with no need to know the plaintext password. It's especially interesting if we can manage to get the hash of an administrative user since we can then authenticate with higher privileges by performing an attack known as pass the hash. We will be initially compromising a Windows 7 box, grabbing a hash from there, and pivoting to Windows Server 2016. The user whose password hash we obtain needs to have administrative privileges and to...