1
00:00:00,300 --> 00:00:03,870
So now we've used a password to pass around the network.

2
00:00:03,870 --> 00:00:10,640
We discovered that one forty two and one forty one have the same local admin of Frank Castle.

3
00:00:11,190 --> 00:00:17,270
So we are able to get a shell on both machines. Now we could try psexec with Metasploit, go in there,

4
00:00:17,270 --> 00:00:18,520
run hashdump.

5
00:00:18,600 --> 00:00:19,620
See if we get lucky.

6
00:00:19,650 --> 00:00:22,320
But again, that's a little bit on the noisy side.

7
00:00:22,320 --> 00:00:28,820
That is it you saw it get picked up by antivirus, by Windows Defender, but you're seeing that.

8
00:00:29,180 --> 00:00:30,770
psexec still isn't.

9
00:00:30,780 --> 00:00:35,690
I still can't turn off my antivirus quite yet, so you can see that.

10
00:00:36,110 --> 00:00:39,380
psexec, this psexec.py, is not getting picked up.

11
00:00:39,420 --> 00:00:40,740
So that's nice.

12
00:00:40,740 --> 00:00:45,380
What we can do to dump hashes in this situation is we can run a tool called secretsdump.

13
00:00:45,630 --> 00:00:46,420
And guess what.

14
00:00:46,420 --> 00:00:47,860
secretsdump.py.

15
00:00:47,940 --> 00:00:50,150
Also part of the Impacket toolkit.

16
00:00:50,160 --> 00:00:51,980
So we can do something along these lines.

17
00:00:51,990 --> 00:00:58,440
We can say Marvel, fcastle, and then password one. That should look very familiar.

18
00:00:58,440 --> 00:01:00,230
It's the same syntax as before.

19
00:01:00,540 --> 00:01:07,000
And then just 192.168.57, and we'll start with Frank Castle's machine at forty one.

20
00:01:07,050 --> 00:01:08,040
Try that.

21
00:01:08,160 --> 00:01:09,370
See what happens.

22
00:01:09,390 --> 00:01:09,810
Look at that.

23
00:01:09,810 --> 00:01:10,660
That's beautiful.

24
00:01:11,010 --> 00:01:11,500
OK.

25
00:01:11,520 --> 00:01:13,850
We know we have access to 142 as well.

26
00:01:13,860 --> 00:01:20,210
Let's go ahead and just do that and come in here, and it's going to dump all this information for us.

27
00:01:20,250 --> 00:01:22,380
So this is wonderful information.

28
00:01:22,410 --> 00:01:23,240
OK.

29
00:01:23,340 --> 00:01:29,160
It's coming in here and it's dumping not only the SAM hashes, but it's dumping what are known as LSA

30
00:01:29,160 --> 00:01:32,500
secrets and this DPAPI key.

31
00:01:32,730 --> 00:01:36,590
You don't have to worry too much about these right here.

32
00:01:36,840 --> 00:01:42,350
More so we're going to focus on the hashes that we get back, if we get any local hashes.

33
00:01:42,390 --> 00:01:46,770
We'll talk more about what the LSA secrets are and the rest of this as we get into Mimikatz here

34
00:01:46,770 --> 00:01:51,240
in just a few videos, so I'll save that for this, or I'll save that for later.

35
00:01:51,270 --> 00:01:55,120
But just know that you can dump these hashes, and look, we can grab these.

36
00:01:55,170 --> 00:02:00,660
We can also just kind of examine and see, like, I can copy this and we can just go into a new tab and

37
00:02:00,660 --> 00:02:06,690
just say gedit, I'll just call this test, and we'll just paste this into here and then I'll grab these

38
00:02:06,690 --> 00:02:14,940
other ones and I'll paste them, and you could do a quick, quick eye test and see here if I can copy if

39
00:02:15,480 --> 00:02:19,230
the same hash shows up more than once.

40
00:02:19,230 --> 00:02:25,350
So look here and just see, and we can separate these out just to make it a little easier. If there's password

41
00:02:25,360 --> 00:02:29,460
reuse, the last hash here will be the same.

42
00:02:29,460 --> 00:02:34,320
So you can see here that the administrator account is utilizing the same password.

43
00:02:34,350 --> 00:02:40,020
So if we're going to try to pass this hash around, guess what, we are, we can try to pass this around and

44
00:02:40,020 --> 00:02:43,710
see if it'll get us around the network, and we'll see what this does.

45
00:02:43,740 --> 00:02:48,060
And then we'll try to crack some of these hashes and see if these hashes crack, what it's going to look

46
00:02:48,060 --> 00:02:50,040
like, and go from there.

47
00:02:50,040 --> 00:02:55,710
So in the next video we're going to focus on trying to crack these hashes, and then I'll show you the

48
00:02:56,010 --> 00:03:01,470
passing the hash method, which is incredibly useful, and why we don't even have to attempt to crack these

49
00:03:01,530 --> 00:03:02,760
if we don't want to.

50
00:03:02,760 --> 00:03:07,650
So let's go ahead and jump over in the next video where we just quickly try to crack these passwords and

51
00:03:07,650 --> 00:03:09,510
then we'll move on into passing the hash.