Among the techniques covered, we discuss how the known weaknesses of the old LANMAN hash, which Microsoft still keeps for backward compatibility, make recovering passwords easier and faster. Another technique covered was the use of hashes that had not been cracked because the password was strong: with Pass-the-Hash, those hashes can still be used to extend the intrusion to the rest of the machines without ever knowing the password.
The presentation can be downloaded, and there is a short video of the demonstrations.
The video shows how, after compromising the XPOWNED system, we dump the hashes and try to crack them using the known weaknesses of Microsoft's LANMAN algorithm. One of the passwords withstands both the dictionary attack and the brute-force attack, so we apply pass-the-hash to that hash instead. For this we use the Pass-the-Hash Toolkit (PSH), which, as the video shows, overwrites the credentials held in memory on our own Windows machine with those of the impersonated user; from that point on, as far as the network is concerned, we are that user. Finally we use Metasploit's PSExec module to execute commands on the XPTARGET system. For more details, see the presentation.
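A defender-side check that follows from the above, added here as an example and not taken from the presentation or from the Pass-the-Hash Toolkit: given a pwdump-style hash dump (`user:rid:LM:NT:::`; the sample lines below are constructed, with made-up hash values), it reports which accounts still have an LM hash stored at all (the empty-string LM hash `aad3b435b51404eeaad3b435b51404ee` means LM storage is disabled for that account), which of those have a password of seven characters or fewer (the second LM half is the empty half, so only one seven-character block is left to attack), which accounts have a blank password (the empty NT hash `31d6cfe0d16ae931b73c59d7e0c089c0`), and which accounts share the same NT hash, which is exactly the condition that lets one captured hash be replayed against other hosts with pass-the-hash.

```python
import re
from collections import defaultdict

# Well-known constants: the LM hash of the empty string is the same 8-byte
# value twice, and the NT hash of the empty password is a fixed MD4 value.
EMPTY_LM_HALF = "aad3b435b51404ee"
EMPTY_LM = EMPTY_LM_HALF * 2
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# pwdump line layout: user:rid:lmhash:nthash:::
PWDUMP_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):")

# Constructed sample dump; the hash values are invented, not from any real system.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
svc_backup:1001:0f1e2d3c4b5a6978aad3b435b51404ee:fedcba9876543210fedcba9876543210:::
jsmith:1002:0f1e2d3c4b5a69781a2b3c4d5e6f7081:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""


def parse_pwdump(text):
    """Parse pwdump-format lines into records; malformed or comment lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = PWDUMP_RE.match(line)
        if not m:
            continue
        user, rid, lm, nt = m.groups()
        records.append({"user": user, "rid": int(rid), "lm": lm.lower(), "nt": nt.lower()})
    return records


def audit(records):
    """Return {user: [issue, ...]} describing LM exposure, weak passwords and shared hashes."""
    findings = {}
    by_nt = defaultdict(list)
    for r in records:
        issues = []
        if r["lm"] != EMPTY_LM:
            # An LM hash is still being stored: LM hashing has not been disabled.
            issues.append("lm_hash_stored")
            if r["lm"][16:] == EMPTY_LM_HALF:
                # Second half is the empty-string half: the password is at most 7 chars.
                issues.append("password_7_chars_or_less")
        if r["nt"] == EMPTY_NT:
            issues.append("blank_password")
        findings[r["user"]] = issues
        by_nt[r["nt"]].append(r["user"])
    # Identical NT hashes mean identical passwords: one captured hash works for all of them.
    for users in by_nt.values():
        if len(users) > 1:
            for u in users:
                others = ",".join(sorted(x for x in users if x != u))
                findings[u].append("nt_hash_shared_with:" + others)
    return findings


if __name__ == "__main__":
    for user, issues in audit(parse_pwdump(SAMPLE_DUMP)).items():
        print(f"{user:15} {', '.join(issues) or 'ok'}")
```

In the sample, `svc_backup` and `jsmith` still have LM hashes stored, `svc_backup`'s password is seven characters or fewer, `Guest` has a blank password, and `Administrator` and `jsmith` share a password. The first two findings are fixed by disabling LM hash storage (the `NoLMHash` policy) and requiring longer passwords; the shared-hash finding is the one that turns a single compromised host into lateral movement, and the fix is a different password per account and per host rather than a stronger shared one.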
Source: Pentester

