SMBProxy is a “Passing The Hash” tool that works as a proxy. It makes it possible to authenticate to a Windows NT4/2000 server by only knowing the md4 hash. It also makes it possible to mount shares, access the registry and anything else you could do with that particular users privileges. The theory behind this is pretty old, and I don’t take any credit for it. The tools for doing this though, have been quite limited. That’s why I decided to release this proxy, to really demonstrate the magic of “Passing The Hash”.
It succesfully intercepts communication with Windows NT 4.0 and Windows 2000. It looks for the username trying to connect and does a lookup in the pwdump file for the users hash. Currently it only intercepts the NTLM hash.
It’s still in early development stages but seems to work good enough to release.
—- copyright stuff ————————————————-
This product includes cryptographic software written by
Eric Young (firstname.lastname@example.org)
SMBProxy was developed by Patrik Karlsson.