Using Obtained Passwords
Core Impact can use obtained username and password information to deploy agents. In contrast to the agents deployed by the exploitation process, these agents are deployed not by exploiting a vulnerability but by logging into the target hosts with the specified username and password.
When using the SMB protocol to install an agent on a Windows host, it is possible to use password hashes to log in as opposed to using a fully recovered password. This technique, sometimes referred to as "Pass the hash" is implemented in the "Install Agent using SMB" module from the Agents module folder. When run against a host from which hashes have been obtained (the hashes are stored in the host properties, within the Identities container), the module will automatically cycle through the available hashes until one is successful.
To learn more about deploying agents with a valid username and password, see Deploying an Agent Using Valid User Credentials.