-
Notifications
You must be signed in to change notification settings - Fork 2
Module sessions
simondotsh edited this page Oct 27, 2021
·
1 revision
sessions enumerates net sessions established on a target. A net session is created when a client accesses a target's resource remotely, such as a network share.
This can help to map where privileged users are authenticated to.
Each session contains a source field. This source essentially informs you where the session was initiated from, and therefore may be a good target to compromise the user.
For instance, in the case where this user has authenticated on the source using a protocol that caches NT hashes in the LSASS process, a privileged user may leverage credential dumping to obtain their hash.
This is normal. Since the tool authenticates on the target via SMB to call the RPC method, you are effectively creating a net session.