Passing the Hash from Metasploit
Passing the hash is a technique that enables attackers to use the password hash to authenticate to a remote server or service. During exploitation, Metasploit Pro collects data, such as password hashes, from the exploited system. After Metasploit Pro collects password hashes from a target, it can pass the hash to Nexpose and run a Nexpose scan to perform a credential scan.
Note: Before you can pass the hash in Metasploit Pro, you must configure a Nexpose Console from the Global Settings. After you configure a Nexpose Console, you can launch a Nexpose scan from the Metasploit Pro interface to pass the hash to the Nexpose scan.
1.)
2.) Click the Analysis tab.
3.) Click Nexpose from the Quick Tasks menu.
5.) Enter addresses for the scan targets. You can specify an IP address or a host name. There can be one address on each line.
Note: Metasploit Pro supports IPv4 and IPv6 addresses. You can use standard IPv6 addressing to define individual IPv6 addresses. For example, use fe80::202:b3ff:fe1e:8329 for single addresses and 2001:db8::/32 for CIDR notations. For link local addresses, you must append the interface ID to the address. For example, enter fe80::1%eth0 for a link local address.
7.) Click Show Advanced Options to configure additional options for the scan.
8.) Select Pass the LM/NTLM hash credentials. The Hash Credentials box displays. Metasploit Pro automatically populates the Hash Credentials box with a list of looted hashes. You can modify or add hashes to the hash list.
![]() |