Home page logo

metasploit logo Metasploit mailing list archives

Re: Hashdump
From: Jonathan Cran <jcran () 0x0e org>
Date: Fri, 16 Apr 2010 14:27:10 -0400

see HD's blog post from Jan 1
http://blog.metasploit.com/2010/01/safe-reliable-hash-dumping.html for
background info. the registry extraction method (linked in the blog) is


On Fri, Apr 16, 2010 at 1:47 PM, Matt Gardenghi <mtgarden () gmail com> wrote:

Interesting.  That technique obtained the Administrator and Guest hashes.
 There are other users on the box and not all of them are domain accounts.
 Still it was better then what I had been getting.


On 4/16/2010 9:39 AM, HD Moore wrote:

On 4/16/2010 7:57 AM, Matt Gardenghi wrote:

Why would this be failing?  It seems as if MS has changed something to
fight back.  Also, I've been unable to open a shell on the box, once
I've elevated my privs to system: execute -f cmd.exe -c -t .

Any pointers would be helpful.  Thanks.

Try "run hashdump" to use the registry method, this only supports local
accounts and not domains right now.


Jonathan Cran
jcran () 0x0e org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]