EvilZone

Hacking and Security => Hacking and Security => : Axon July 30, 2014, 10:44:05 PM

: Pass-the-Hash is Dead, or is it?
: Axon July 30, 2014, 10:44:05 PM

This is a good read on the recent fix by Microsoft called KB2871997, which some have dubbed "Pass the hash fix". According to this fix, local accounts can no longer be used to access remote systems, either via simple network logon or interactive login. This includes using tools like PSEXEC or even browsing to C$ remotely. But this is not always the case?

http://www.harmj0y.net/blog/

http://www.pwnag3.com/2014/05/what-did-microsoft-just-break-with.html

: Re: Pass-the-Hash is Dead, or is it?
: Ogma August 23, 2014, 07:18:31 PM

And theres always the krbtgt account hash for the kerberos "golden ticket."