This is the first part of our Encyclopedia of Pass-the-Hash / SMB Relay attacks (SMB Relay Bible). The aim of this encyclopedia is to collect all possibilities of obtaining NTLM authentication for conducting SMB relay attacks or stealing credentials.
We often use these methodologies in penetration tests and business application security assessments, so we have decided to collect all the information in one place. It is a very useful area for penetration tests and a great example of tactical exploitation methodology, because you don't need any exploit to get full access to a corporate network: just pass and relay.
Every week or two we are going to publish different methods of passing the hash in different systems and applications, from DOC files to ERP systems and many others. Some of the methods are not new, but they are thoroughly described and categorized here. Previously unknown examples will also be published.