Is it possible, with NT Authority/SYSTEM access, to reuse mscash2 credentials in any way on a local system or AD network? Perhaps with runas /savecred or mimikatz or something similar? I know that the mscash2 cannot be passed in a traditional pass the hash attack, but perhaps there is a way to launch a powershell session using these credentials on the local machine, which could then interact with the rest of the AD network under the guise of the user with saved mscash2?
Asked
Active
Viewed 15 times
