Jump to content
Hak5 Forums
Sign in to follow this  
lasie

CREDENTIAL HARVESTING FROM INTERNAL DATABASE

Recommended Posts

Hi pros, I recently got a Lan Turtle for doing a pentest against my network. My  purpose is to be able to remotely login to my network and be able to access the user database to see all usernames and passwords. I am not quite sure of which exploit to use in achieving this. Any help please.

Share this post


Link to post
Share on other sites

What precisely do you mean by "user database"?  Are you talking about recovering password hashes for users from Windows machines?  Linux?  Mac OS X?  Or from an actual database?

To get password hashes for the OS, you have to have Administrator (Windows) or root (Linux / Mac OS X) permissions.  Windows password hashes reside in the Security Account Manager file (SAM file... and that is its name), or /etc/shadow on Linux / Mac OS X.

Which exploit you will use to get Administrator or root will depend on a huge number of factors, including:

  1. How well is the system defended?
  2. How strong are the passwords?
  3. What services / ports are active and listening?
  4. Are any applications running as NT Authority\SYSTEM or root?
  5. Is anyone dumb enough to tell you their credentials over the phone, in response to an email, or on a fake credential-harvesting web site?
  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×