Pass the hash attack with Mimikatz
What is Mimikatz?
Mimikatz is an open-source application that allows users to view and save authentication credentials such as Kerberos tickets. Benjamin Delpy continues to lead Mimikatz development, so the toolset works with the current release of Windows and includes the most up-to-date attacks.
Attackers commonly use Mimikatz to steal credentials and escalate privileges; in most cases, endpoint protection software and anti-virus systems will detect and delete it. Conversely, pentesters use Mimikatz to detect and exploit vulnerabilities in your networks so you can fix them.
After getting the hash from the Ntds.dit file, we can easily perform actions on behalf of the Administrator account within the domain using Mimikatz.
By issuing a command with Mimikatz, we can elevate our account to the Domain Administrator account. This will launch whatever process you specify with this elevated token. In this case, I will launch a new command prompt.
With the newly launched command prompt, we can perform activities as the Domain Administrator, while Windows still thinks we are a normal user.
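A defender-side check for the behaviour described above, added here as an example and not part of the original article: a process started this way is recorded in the Security log as event 4624 with logon type 9 (NewCredentials) and logon process seclogo, where the local user is unchanged and only the outbound credentials differ. The sample events, user names and helper functions are constructed for illustration, the TargetOutboundUserName field assumes Windows 10 / Server 2016 or later, and because runas /netonly produces the same event shape, a hit is a triage signal rather than proof.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(event_id, **fields):
    """Build a minimal constructed event in the Windows Event XML layout."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{data}</EventData></Event>')

# Constructed sample records (hypothetical users, not captured from a real host).
SAMPLE = [
    make_event(4624, LogonType="2", LogonProcessName="User32 ",
               TargetUserName="jsmith", TargetOutboundUserName="-"),
    make_event(4624, LogonType="9", LogonProcessName="seclogo",
               TargetUserName="jsmith", TargetOutboundUserName="Administrator"),
    make_event(4624, LogonType="3", LogonProcessName="Kerberos",
               TargetUserName="svc_backup", TargetOutboundUserName="-"),
    make_event(4634, LogonType="9", TargetUserName="jsmith"),
]

def parse_event(xml_text):
    """Return (event_id, {field name: value}) for one event rendered as XML."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    fields = {d.get("Name"): (d.text or "")
              for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, fields

def pth_style_logons(xml_events):
    """Flag 4624 logons of type 9 (NewCredentials) created through seclogo."""
    hits = []
    for xml_text in xml_events:
        event_id, f = parse_event(xml_text)
        if event_id != 4624 or f.get("LogonType") != "9":
            continue
        if f.get("LogonProcessName", "").strip().lower() != "seclogo":
            continue
        local = f.get("TargetUserName", "")
        outbound = f.get("TargetOutboundUserName", "-")
        # The local identity stays the ordinary user; only outbound
        # network authentication uses the other account's credentials.
        mismatch = outbound not in ("", "-") and outbound.lower() != local.lower()
        hits.append({"local_user": local, "outbound_user": outbound,
                     "identity_mismatch": mismatch})
    return hits

if __name__ == "__main__":
    for hit in pth_style_logons(SAMPLE):
        print(hit)
```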