[ Pen Testing Windows ] :: Active Directory: Extracting NTDS and Cracking Hashes

Glenn Norman

Okay, you’ve gotten System user access on your Windows target, and now you want to get the goodies in Active Directory. Here’s the ultra-short version: Open PowerShell and enter:

ntdsutil
Activate Instance ntds
ifm
create full c:\bak_fldr
quit
quit

Check out this video that details creating the NTDS backup, extracting data with secretsdump.py (https://github.com/SecureAuthCorp/impacket/blob/master/examples/secretsdump.py), and cracking password …

[ Pen Testing ] :: Step by Step: Uploading Shellcode and Upgrading the Shell

Blue Security Goddess

Getting a Remote Shell: Let’s assume you’ve found some sort of access to your target, ideally an upload vulnerability that will let you get some shellcode onto the target. Netcat: You could just start a Netcat listener on the victim, if Netcat is available: nc -lvnp 1234 … and start a shell on the attack …

[ Pen Testing ] :: Step by Step: Database Enumeration

Hacking in the dark

Database Enumeration. Enumeration With SQLmap: SQLmap is noisy as hell. Here is the official options/examples page: https://github.com/sqlmapproject/sqlmap/wiki/Usage. For example, save a captured header as an input file for SQLmap: Load HTTP request from a file. Option: -r. One of the possibilities of sqlmap is loading of raw HTTP request from a textual file. That way …