Welcome Back,
In this new hack, we'll capture the passwords from a computer so that we can access his PC through his account or anyone else's account on his computer, including the most important account the system administrator's.
Windows systems store passwords in encrypted form inside a file called the SAM file. This file resides in the c:\windows\system32\config\sam directory. we have gain access to his computer already, then we can grab a copy of the encrypted passwords, transfer them to our computer, and then crack them later.
Grab the Password File
The Meterpreter has several powerful scripts built in. For this tutorial we'll be using one called hashdump.
Before we start here's a bit of explanation about hashes..
For security purposes, most operating systems (including all of the modern Windows operating systems) store the user passwords in hashes. This is a one-way encryption that make the passwords unreadable to humans. These are the hashes we're after, hence the script is called hashdump.
So, let's go ahead and grab those hashes!
In your meterpreter session type:
meterpreter > hashdump
As you can see, we now have some users and their encrypted password hashes. Now you must be thinking what we're going to do with this because we can't read them, but in my upcoming tutorial I'll show you how to crack these hashes.
Remember, once we have the clear text password, it's likely that the victim uses that same password for his/her social media too (i.e. Email, Facebook, Twitter, etc.), giving us access to many of his secure accounts.
Passwords are like underwear: you don't let people see it, you should change it very often, and you should not share it with strangers.
0 Comments