Metasploit mailing list archives
Re: Hashdump
From: Giorgio Casali <giorgio.casali () gmail com>
Date: Sat, 17 Apr 2010 13:50:15 +0200
Hi Matt, to get the domain users hashes you can try to upload gsecdump ( http://www.truesec.com/PublicStore/catalog/Downloads,223.aspx) to the Domain Controller and execute it with system privileges (-a) or if It doesn't work you might have some antivirus blocking you. In that case you can try to stop the AV service or if you don't have the privileges you might try to use the tools *Instrsrv.exe and **Srvany.exe from *windows resource kit ( http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en) and install your batch file e.g (sc stop <antivirus service>) as a service. Giorgio 2010/4/16 Jonathan Cran <jcran () 0x0e org>
see HD's blog post from Jan 1 http://blog.metasploit.com/2010/01/safe-reliable-hash-dumping.html for background info. the registry extraction method (linked in the blog) is handy. jcran On Fri, Apr 16, 2010 at 1:47 PM, Matt Gardenghi <mtgarden () gmail com>wrote:Interesting. That technique obtained the Administrator and Guest hashes. There are other users on the box and not all of them are domain accounts. Still it was better then what I had been getting. Matt On 4/16/2010 9:39 AM, HD Moore wrote:On 4/16/2010 7:57 AM, Matt Gardenghi wrote:Why would this be failing? It seems as if MS has changed something to fight back. Also, I've been unable to open a shell on the box, once I've elevated my privs to system: execute -f cmd.exe -c -t . Any pointers would be helpful. Thanks.Try "run hashdump" to use the registry method, this only supports local accounts and not domains right now. _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework-- Jonathan Cran jcran () 0x0e org 515.890.0070 _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Hashdump Matt Gardenghi (Apr 16)
- Re: Hashdump HD Moore (Apr 16)
- Re: Hashdump Matt Gardenghi (Apr 16)
- Re: Hashdump Jonathan Cran (Apr 16)
- Re: Hashdump Giorgio Casali (Apr 17)
- Re: Hashdump Matt Gardenghi (Apr 19)
- Re: Hashdump Giorgio Casali (Apr 20)
- Re: Hashdump Matt Gardenghi (Apr 20)
- Re: Hashdump Matt Gardenghi (Apr 16)
- Re: Hashdump HD Moore (Apr 16)