12-17-2022, 11:10 PM
I am doing a pentest exercise in a Windows Server 2016. I could elevate the privilege and become an admin (NT AUTHORITY\SYSTEM). So I could dump the entire registry with a command like this:
As I understand, the password hash of the local users are in: [HKEY_LOCAL_MACHINE\SECURITY\SAM\*]
Where exactly is the hash and how can I input it to hashcat start to do the brute force?
I am noob... And I am angry because I don't find this answer.
Code:
for %x in (HKLM HKCU HKCR HKU HKCC) do reg export %x c:\windows\temp\registry_%x.txt
As I understand, the password hash of the local users are in: [HKEY_LOCAL_MACHINE\SECURITY\SAM\*]
Where exactly is the hash and how can I input it to hashcat start to do the brute force?
I am noob... And I am angry because I don't find this answer.