Checking Credentials (Domain)


  • Failed logins result in a [-]

  • Successful logins result in a [+] Domain\Username:Password

Code execution results in a (Pwn3d!) added after the login confirmation. With SMB protocol, most likely your compromised user is in the local administrators group.

    SMB    445    HOSTNAME          [+] DOMAIN\Username:Password (Pwn3d!)

The following checks will attempt authentication to the entire /24 though a single target may also be used.


#~ nxc smb -u UserNAme -p 'PASSWORDHERE'


After obtaining credentials such as Administrator:500:aad3b435b51404eeaad3b435b51404ee:13b29964cc2480b4ef454c59562e675c::: you can use both the full hash or just the nt hash (second half)

#~ nxc smb -u UserNAme -H 'LM:NT'
#~ nxc smb -u UserNAme -H 'NTHASH'
#~ nxc smb -u Administrator -H '13b29964cc2480b4ef454c59562e675c'
#~ nxc smb -u Administrator -H 'aad3b435b51404eeaad3b435b51404ee:13b29964cc2480b4ef454c59562e675c'

Last updated