1
00:00:01,440 --> 00:00:10,500
And it also dumps the hashes of the user, so you can use this hash to impersonate another user.

2
00:00:10,710 --> 00:00:17,160
So you can download this Mimikatz from the source, for dot net, and you can just maybe get drunk and you

3
00:00:17,160 --> 00:00:17,940
get this link.

4
00:00:19,320 --> 00:00:28,260
So if you go back and take this Mimikatz download and the rest of dot com, and go scroll down here and

5
00:00:28,260 --> 00:00:29,920
download this track.

6
00:00:31,200 --> 00:00:35,730
And now I have already done this one, sorry.

7
00:00:35,910 --> 00:00:39,000
Um, this one, if you will.

8
00:00:39,080 --> 00:00:40,670
You can see the wrist a little bit.

9
00:00:41,320 --> 00:00:46,140
But first, going on, because you asked the question, because my understanding is, you forward, and I click

10
00:00:46,140 --> 00:00:51,860
on this and run as administrator. So sometimes you don't need to run as administrator.

11
00:00:52,050 --> 00:01:00,990
So there is one setting in the group policy of this machine that is devoting a lot of binaries to something

12
00:01:00,990 --> 00:01:01,350
like this.

13
00:01:01,650 --> 00:01:02,850
I just forgot that.

14
00:01:02,880 --> 00:01:11,270
So if there is a default set for all, then anyone can start debugging, uh, using the normal procedures.

15
00:01:11,760 --> 00:01:18,420
So this means that you can run it if you have the group policy setting on, so make sure that you have the

16
00:01:18,420 --> 00:01:19,970
secured group policy settings.

17
00:01:20,670 --> 00:01:27,480
So the first thing we need to do is, we need to, uh, we will attach to the process and

18
00:01:27,480 --> 00:01:29,070
it will do the processing action.

19
00:01:29,070 --> 00:01:40,620
It will try to dump the, ah, the memory from the process, and it will look for the possible hashes

20
00:01:40,950 --> 00:01:43,190
in the first place.

21
00:01:43,230 --> 00:01:46,710
So we need to do that, and it is OK.
22
00:01:47,100 --> 00:01:53,910
And now we are going to run, uh, logonpasswords using the sekurlsa module, sekurlsa::logonpasswords; it will have

23
00:01:53,910 --> 00:01:56,810
all the passwords of the users that are currently logged on.

24
00:01:58,810 --> 00:01:59,620
As you can see.

25
00:02:01,400 --> 00:02:06,370
To go around the country, there is a user Keyzer anniversary order.

26
00:02:06,410 --> 00:02:13,640
So this is my computer's password, and it's just like our friend password, and I don't use it for any

27
00:02:13,640 --> 00:02:14,600
other online accounts.

28
00:02:15,110 --> 00:02:19,280
And there you can see those users logged on, the server and this one.

29
00:02:20,480 --> 00:02:24,800
So the user name is key and the domain is the desktop, and hashes.

30
00:02:25,190 --> 00:02:31,310
So you can dump these plaintext passwords, and you can also dump this NTLM hash, so you can use these

31
00:02:31,310 --> 00:02:34,940
hashes to do this pass-the-hash attack.

32
00:02:35,180 --> 00:02:41,840
So some applications in Windows, or some in this directory, accept the user name and the hash, and

33
00:02:41,840 --> 00:02:45,150
they will allow the access without taking the password.

34
00:02:45,170 --> 00:02:50,300
So instead of the password, you can pass this hash to get other indicators.

35
00:02:50,320 --> 00:02:56,450
So that's a serious vulnerability, and you can use this using this command.

36
00:02:56,550 --> 00:03:01,460
So sekurlsa, copy this one and paste it in here.

37
00:03:13,890 --> 00:03:19,430
So we need to change some things; that is, we need to pay our administrators.

38
00:03:19,770 --> 00:03:20,310
We do not.

39
00:03:20,310 --> 00:03:22,080
The administrators are right.

40
00:03:22,620 --> 00:03:23,810
We got a user.

41
00:03:24,450 --> 00:03:27,780
I'm sorry, we covered the session.

42
00:03:27,800 --> 00:03:29,850
Let's try to impersonate this user.
43
00:03:31,390 --> 00:03:37,960
And let's scroll down, and down, sort of this area, and just push this one.

44
00:03:41,770 --> 00:03:45,070
And then you need to, uh, do the domain name.

45
00:03:48,930 --> 00:03:54,810
So this is a domain name. I actually don't have any domain, but it's just trying the computer domain.

46
00:03:55,260 --> 00:04:00,960
So even though it won't work here, it will work out when I have that set up.

47
00:04:02,370 --> 00:04:05,220
So let's break this down in here.

48
00:04:05,550 --> 00:04:06,840
And the user name, Nikki.

49
00:04:09,740 --> 00:04:15,780
So I discovered the CDC to try to connect to this user, to this debate with the interim, and it was

50
00:04:15,800 --> 00:04:17,720
no comment from the system.

51
00:04:18,860 --> 00:04:25,190
So it will try again, and with this other negative result, that's straight ahead on this.

52
00:04:27,530 --> 00:04:31,550
And it seems like we do not get the process.

53
00:04:32,690 --> 00:04:38,920
So maybe we should allow this domain-like setup.

54
00:04:38,990 --> 00:04:41,240
Let's try workgroup.

55
00:04:57,660 --> 00:04:59,060
So it's not working.

56
00:05:02,360 --> 00:05:07,730
All right, but anyway, if you have the Active Directory and your computer is joined to the domain,

57
00:05:07,730 --> 00:05:15,100
you're going to be able to send this NTLM hash, and you will get the prompt of this escalated user

58
00:05:15,740 --> 00:05:16,240
in general.

59
00:05:16,310 --> 00:05:21,290
Use the administrator and, of course, you will get the converters of this adventure tourism.

60
00:05:22,280 --> 00:05:26,870
And you can also export some certificates with this crypto module.

61
00:05:27,470 --> 00:05:29,440
And you can also use this as a dump.

62
00:05:29,870 --> 00:05:38,050
And this we have seen and tried to sell them, so we can use these modules and those options.

63
00:05:38,510 --> 00:05:42,080
So that's basically what this would be, because it's a very powerful tool.
64
00:05:43,220 --> 00:05:48,320
We can work, and we can just dump the plaintext passwords and also hundreds of other users.

65
00:05:49,250 --> 00:05:52,370
So we will see this more in the Active Directory.

66
00:05:52:700 --> 00:05:58,790
And I start to do this in three separate calls.

67
00:05:58,820 --> 00:06:01,790
OK, but anyway, this is just basically what Mimikatz does.

68
00:06:02,510 --> 00:06:06,980
I will add to that later, after the release of this course.

69
00:06:07,750 --> 00:06:08,410
All right.

70
00:06:08,840 --> 00:06:10,220
Just one or two words.

71
00:06:10,970 --> 00:06:13,050
So that's all for this video.

72
00:06:13,070 --> 00:06:18,170
I hope you have understood the principles and, and I'm just using this tool.