Code Monkey home page Code Monkey logo

hasher's Introduction

Invoke-NetHash - The basic idea

The function of Invoke-NetHash is based on the idea to execute commands on a high number of clients by use of the NT Hash.

The engine for the whole process is the awsome Invoke-SMBExec script (written by @kevin_robertson). What Invoke-NetHash adds is a parallely execution of Invoke-SMBExec with a wide range of possible inputs. Next to the possability to execute custom commands I added builtin functions which are quite handy for penetration testing.

  • Invoke-PowerDump - originally written by Kathy Peters, Josh Kelley (winfang) and Dave Kennedy (ReL1K) - I added support for the latest Windows versions so by use of this function the NT Hashes of the local accounts can be extracted from the registry.
  • Invoke-LSADump - a very handy oneliner to dump the LSA Process

If those payloads are used in combination with Invoke-NetHash - the function (e.g. PowerDump) will be executed on every host targeted, the result written to a file and copied back to the attacker host. For this whole process the script relies on SMB shares - it will create an share and will remove if after the run completed. This share is used to load the payload and to transfer the result of the different targets.

I hope this scripts brings some use to you.

Usage

The simplest usage is to use the built in functions for PowerDump (the extraction of hashes from the local SAM Database aka the registry) or LSADump which creates a dump of the lsass process of the remote computer.

PowerDump

The fastest command for the usage against a single target is:

 Invoke-NetHash -Hosts dc -Username 'Administrator' -Hash 'e19ccf75ee54e06b06a5907af13cef42' -Powerdump $true -UserDomain "contoso.local" -WriteVerbose $true

LSADump

The fastest command for the usage against a single target is:

 Invoke-NetHash -Hosts dc -Username 'Administrator' -Hash 'e19ccf75ee54e06b06a5907af13cef42' -LSAdump $true -UserDomain "contoso.local" -WriteVerbose $true

Future Plans

Currently the script is very raw and will be enhanced down the road (some things are quite ugly but it is working and I will replace those part with time) - next to the code itself I plan to integrate an interactive shell triggered by SMBExec.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.