03-03-2015, 03:13 PM
(03-03-2015, 02:12 PM)giveen Wrote: Really good read, you would have to capture the hash first right as it transitioned across the network?
Based on the write up you need to just dump the credentials. Then use the md5 hash from the credentials database. There is no need to sniff the hash over the network. Although in theory you could also sniff the hash over the network and still do pth. I believe this is possible I may be wrong. From the write up it also seems they use ssl so you would have that to deal with also.