EvilZone

Hacking and Security => Hacking and Security => Topic started by: Axon on July 30, 2014, 10:44:05 PM

Title: Pass-the-Hash is Dead, or is it?
Post by: Axon on July 30, 2014, 10:44:05 PM

This is a good read on the recent fix by Microsoft called KB2871997, which some have dubbed "Pass the hash fix". According to this fix, local accounts can no longer be used to access remote systems, either via simple network logon or interactive login. This includes using tools like PSEXEC or even browsing to C$ remotely. But this is not always the case?

http://www.harmj0y.net/blog/

http://www.pwnag3.com/2014/05/what-did-microsoft-just-break-with.html

Title: Re: Pass-the-Hash is Dead, or is it?
Post by: Ogma on August 23, 2014, 07:18:31 PM

And theres always the krbtgt account hash for the kerberos "golden ticket."