This is the first part of our encyclopedia of pass the hash / smbrealy attacks (SMBRelay Bible). The goal of this encyclopedia is to collect all possibilities of obtaining NTLM authentication for conducting SMB-relay attacks or stealing credentials.
We often use those methodologies in different penetration testings and business- application security assessments and decide to collect all this information in one place. It is very useful area in penetration tests and great example of tactical exploitation methodologies because you don’t need to use any exploit to get full access in corporate network, just pass and relay!
Every week (or two) we will publish different methods of passing the hash in many systems and applications from doc files to ERP systems and many other. Some of methods will be old but perfectly described and categorized and ofcause we will publish many previously unknown examples.