Passing-the-hash for everyone

Core security released their PSH (passing-the-hash) toolkit today. Even though the concept of passing-the-hash is old, few tools putting it into practise have been available to the public. A number of companies working within security industry have had their own tools, some being more proud of them than others 😉 I myself attempted to write a generic proxy implementation for this in 2001 and published it here on cqure.net. It worked alright at the time, but has not done so for quite a while now.

In short passing-the-hash allows you to extract encrypted passwords (hashes) from a Windows system and use the hashes, without knowing the password, in order to authenticate to other Windows systems with users having the same passwords. The risk associated with this should be obvious to most people.

This entry was posted in cqure.net on by .

About Patrik Karlsson

Patrik Karlsson created cqure.net in 2001 as a way of assisting security professionals around the globe with the necessary tools for improving security in IT-systems. Patrik has developed all of the tools that are published on the site, he also maintains and improves them on a somewhat regular basis.