Shared Local Windows Admin Password

  • LAST UPDATED DATE: 2015/11/25
  • LAST UPDATED BY: @mubix


Pass the Hash is

Capabilities and Risk

  • Lateral code execution and access to all systems with same local admin password


?? Other than dumping hashes and trying it out yourself, I'm lost on this one


  • Disable the local Administrator (RID 500) account. Or simply do not enable the account as it has been disabled by default since Windows Vista
  • Enable LocalAccountTokenFilterPolicy registry key as detailed in the references
  • Use Microsoft's LAPS or alternative local account randomization tool to randomize the local account passwords.



Dumping hashes from exploited machine then using the hash to access other machines on the network

Want to contribute? Check out the readme and contribution page or Get in touch!
Last updated on 24th Jul 2019