If you have a meterpreter shell you are able to do a lot of thing with very little effort.
If you do not have a meterpreter-shell you can always create a exploit with msfvenom. An elf or exe or other format to upgrade your shell.
Show help of all commands:
```
-h
```
Dump windows hashes for further analysis
**Dump windows hashes for further analysis**
```
hashdump
```
Keylogger
```
keysscan_start
keyscan_dump
keyscan_stop
```
Webcam commands
**Mic and webcam commands**
```
record_mic Record audio from the default microphone for X seconds
webcam_chat Start a video chat
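Review bot: the keylogger block still carries the misspelt command `keysscan_start`, which does not match the `keyscan_dump` / `keyscan_stop` lines directly beneath it and will not be recognised by meterpreter; since this hunk is already a typo pass, fix it to `keyscan_start`. Two smaller points in the same hunk: the "show help" example `-h` is not a meterpreter command on its own (`help` or `?` lists the commands; `-h` is the per-command flag, as in `hashdump -h`), and "create a exploit with msfvenom" should read "create a payload with msfvenom", since msfvenom generates payloads in an elf, exe or other format rather than exploits.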
@@ -36,9 +36,9 @@ webcam_stream Play a video stream from the specified webcam
```
## Dumping password on windows
## Dumping passwords and hashes on windows
This most likely requires administrative rights, that's why the chapter is found here and not in priv-esc. Once you have a hash you can move on tto the Password Cracking-chapter where we discuss different techniques of cracking hashes.
This most likely requires administrative rights, that's why the chapter is found here and not in priv-esc. Once you have a hash you can move on to the Password Cracking-chapter where we discuss different techniques of cracking hashes.
Windows stores passwords in SAM - Security Account Manager. Passwords are stored differently depending on the operating system. Up until (and including) Windows 2003 stored the passwords in LAN Manager (LM) and NT LAN Manager (NTLM). LM is incredibly insecure. From windows vista and on the system does not use LM, only NTLM. So it is a bit more secure.
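Review bot: the sentence "Up until (and including) Windows 2003 stored the passwords in LAN Manager (LM) and NT LAN Manager (NTLM)" has lost its subject and, more importantly, describes hashes as if they were passwords; suggest "Up until (and including) Windows 2003, the SAM stored both the LM hash and the NT hash of each password". The follow-on claim that "from windows vista and on the system does not use LM" holds only by default: LM hash storage is governed by the NoLMHash policy and can be re-enabled, and the NT hash that remains is an unsalted MD4 digest that cracks quickly, so "a bit more secure" is the right level of confidence and should not be strengthened. The heading rename to "Dumping passwords and hashes" is good, but the body should then consistently say it is hashes being dumped and passwords being recovered later in the cracking chapter.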
@@ -48,20 +48,21 @@ Windows stores passwords in SAM - Security Account Manager. Passwords are stored
### LM Hashes
LM hashes can be reaully easy to crack. The LM part in the example below is the first part.
LM hashes can be really easy to crack. The LM part in the example below is the first part.
We can use fgdump.exe (locate fgdump.exe on kali) to extract NTLM and LM Password hashes. Run it and there is a file called 127.0.0.1.pwndump where the hash is saved. Now you can try to brute force it.
We can use `fgdump.exe` (`locate fgdump.exe` on kali) to extract NTLM and LM Password hashes. Run it and there is a file called 127.0.0.1.pwndump where the hash is saved. Now you can try to brute force it.
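Review bot: the output filename `127.0.0.1.pwndump` survives both versions of this line; fgdump writes its results to `<target>.pwdump` (so `127.0.0.1.pwdump` here), and with the surrounding typo fixes this one should go too. The fix to "really easy to crack" leaves the reason unstated: LM upper-cases the password, truncates or pads it to 14 characters and hashes the two 7-character halves independently, and passwords longer than 14 characters get no LM hash at all, which is why the LM field is the one to attack first whenever it is present. Since "the example below" is not part of this hunk, consider naming the field order inline (user:RID:LM hash:NT hash) so the sentence stands on its own, and "brute force it" would be better as "crack it", since wordlist and rainbow-table attacks are the usual first step, not exhaustive search.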