Docs: Add NTLM hash details to PowerShell exploiter docs

2021-09-02 14:29:07 -04:00 · 2021-09-02 14:29:07 -04:00 · 65c9be90d3
parent 71c4e4d8dc
commit 65c9be90d3
1 changed files with 13 additions and 2 deletions
--- a/docs/content/reference/exploiters/PowerShell.md
+++ b/docs/content/reference/exploiters/PowerShell.md
@ -22,8 +22,9 @@ The PowerShell exploiter can be run from both Linux and Windows attackers. On
 Windows attackers, the exploiter has the ability to use the cached username
 and/or password from the current user. On both Linux and Windows attackers, the
 exploiter uses all combinations of the [user-configured usernames and
-passwords]({{< ref "/usage/configuration/basic-credentials" >}}). Different
-combinations of credentials are attempted in the following order:
+passwords]({{< ref "/usage/configuration/basic-credentials" >}}), as well as
+and LM or NT hashes that have been collected. Different combinations of
+credentials are attempted in the following order:

 1. **Cached username and password (Windows attacker only)** - The exploiter will
   use the stored credentials of the current user to attempt to log into the
@ -47,6 +48,16 @@ combinations of credentials are attempted in the following order:
   all combinations of usernames and passwords that were set in the
   [configuration.]({{< ref "/usage/configuration/basic-credentials" >}})

+1. **Brute force usernames and LM hashes** - The exploiter will attempt to use
+   all combinations of usernames that were set in the [configuration]({{< ref
+   "/usage/configuration/basic-credentials" >}}) and LM hashes that were
+   collected from any other victims.
+
+1. **Brute force usernames and NT hashes** - The exploiter will attempt to use
+   all combinations of usernames that were set in the [configuration]({{< ref
+   "/usage/configuration/basic-credentials" >}}) and NT hashes that were
+   collected from any other victims.
+

 #### Securing PowerShell Remoting