Metasploit mailing list archives
Re: Simple script to swap hashes in SAM ..
From: John Nash <rootsecurityfreak () gmail com>
Date: Tue, 7 Sep 2010 19:53:46 +0530
I had proposed creation of a new user as an option, and the "clearev" can clear the event logs ... but overall creation of a new user is a messy affair. This would definitely be the last resort .... but I am just curious if what I am proposing would work, theoretically to begin with?

On Tue, Sep 7, 2010 at 7:49 PM, ricky-lee birtles <mr.r.birtles () gmail com> wrote:

> If I remember correctly (not at my home laptop to check) I do believe metasploit offers a script to delete event logs. Could you not add a new account, record the login, then remove the account and finally clean out the account creation and login events?
>
> Regards,
> --
> Mr R Birtles
>
> On 7 September 2010 15:13, John Nash <rootsecurityfreak () gmail com> wrote:
>
>> I am targeting a local account right now ... yes, it's for a pentest. Have broken in but wanted to take a video of me logging in as admin ... but ensuring that the admin never knows or suspects till he sees the final report + vid :)
>>
>> On Tue, Sep 7, 2010 at 7:39 PM, Craig Freyman <craigfreyman () gmail com> wrote:
>>
>>> If it's an Active Directory environment I don't think it would work since the password hashes are also stored with the user account, unless you're trying to use a local account. Is this for a pentest?
>>>
>>> On Tue, Sep 7, 2010 at 8:03 AM, John Nash <rootsecurityfreak () gmail com> wrote:
>>>
>>>> Craig, I am not trying to crack the hash. Quick breakdown:
>>>>
>>>> 1. I will generate hashes for a given password locally
>>>> 2. I will backup the hashes in the SAM for the admin account on the victim
>>>> 3. I will replace the hashes in the SAM file on the victim with the one I have generated in (1)
>>>> 4. I will login as admin and do what I want (I know the pass for the new hashes stored)
>>>> 5. Restore the original hashes which I backed up in (2)
>>>> 6. Now when the admin is back he can login without issues
>>>>
>>>> Would this work?
>>>>
>>>> On Tue, Sep 7, 2010 at 7:28 PM, Craig Freyman <craigfreyman () gmail com> wrote:
>>>>
>>>>> I don't know, I doubt it. Have you tried running your hash through something like http://www.lmcrack.com/index.php ?
>>>>>
>>>>> On Tue, Sep 7, 2010 at 7:56 AM, John Nash <rootsecurityfreak () gmail com> wrote:
>>>>>
>>>>>> The OS is win 2003 server ... I know I can run a keylogger after attaching to winlogon.exe or some other process attached to the winlogon desktop in winsta0, but waiting for an admin may take too long ... would the solution I am proposing work? If it does, wait time is almost 0.
>>>>>>
>>>>>> On Tue, Sep 7, 2010 at 7:20 PM, Craig Freyman <craigfreyman () gmail com> wrote:
>>>>>>
>>>>>>> What is the OS of the box you popped? Do you already have meterpreter? Did you try running a simple keylogger to have the Admin give the password right to you?
>>>>>>>
>>>>>>> On Tue, Sep 7, 2010 at 3:18 AM, John Nash <rootsecurityfreak () gmail com> wrote:
>>>>>>>
>>>>>>>> Hello List,
>>>>>>>>
>>>>>>>> While trying some post exploitation, one of the major issues I guess is to login to the system as a user over rdp. We can do this in a couple of ways:
>>>>>>>>
>>>>>>>> 1. create a new user <--- will create alarms
>>>>>>>> 2. change the password of existing user
>>>>>>>>
>>>>>>>> In case of (2) I was wondering would it be possible to just swap the existing hash with a new one (we know the password which hashes to this one) .... then do all we need to on the remote system .... then just replace the old hash for the original password back into the SAM. Is there any reason why this should not be possible? If yes, a meterpreter script could do this job very easily .... thoughts?
>>>>>>>>
>>>>>>>> Rgds,
>>>>>>>> jn
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Simple script to swap hashes in SAM .. John Nash (Sep 07)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Simple script to swap hashes in SAM .. John Nash (Sep 07)
- Re: Simple script to swap hashes in SAM .. ricky-lee birtles (Sep 07)
- Re: Simple script to swap hashes in SAM .. John Nash (Sep 07)
- Re: Simple script to swap hashes in SAM .. Carlos Perez (Sep 07)
- Re: Simple script to swap hashes in SAM .. Robin Wood (Sep 07)
- Re: Simple script to swap hashes in SAM .. John Nash (Sep 07)
- Message not available
- Message not available
- Re: Simple script to swap hashes in SAM .. John Nash (Sep 07)