Metasploit mailing list archives
Re: Hashdump
From: Jonathan Cran <jcran () 0x0e org>
Date: Fri, 16 Apr 2010 14:27:10 -0400
see HD's blog post from Jan 1 http://blog.metasploit.com/2010/01/safe-reliable-hash-dumping.html for background info. the registry extraction method (linked in the blog) is handy. jcran On Fri, Apr 16, 2010 at 1:47 PM, Matt Gardenghi <mtgarden () gmail com> wrote:
Interesting. That technique obtained the Administrator and Guest hashes. There are other users on the box and not all of them are domain accounts. Still it was better then what I had been getting. Matt On 4/16/2010 9:39 AM, HD Moore wrote:On 4/16/2010 7:57 AM, Matt Gardenghi wrote:Why would this be failing? It seems as if MS has changed something to fight back. Also, I've been unable to open a shell on the box, once I've elevated my privs to system: execute -f cmd.exe -c -t . Any pointers would be helpful. Thanks.Try "run hashdump" to use the registry method, this only supports local accounts and not domains right now. _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
-- Jonathan Cran jcran () 0x0e org 515.890.0070
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Hashdump Matt Gardenghi (Apr 16)
- Re: Hashdump HD Moore (Apr 16)
- Re: Hashdump Matt Gardenghi (Apr 16)
- Re: Hashdump Jonathan Cran (Apr 16)
- Re: Hashdump Giorgio Casali (Apr 17)
- Re: Hashdump Matt Gardenghi (Apr 19)
- Re: Hashdump Giorgio Casali (Apr 20)
- Re: Hashdump Matt Gardenghi (Apr 20)
- Re: Hashdump Matt Gardenghi (Apr 16)
- Re: Hashdump HD Moore (Apr 16)