11 matches found
Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry
Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. The tool is built on top of the library go-smb and uses it to communicate with the Windows...
Metasploit Weekly Wrap-Up 05/03/24
Dump secrets inline This week, our very own cdelafuente-r7 added a significant improvement to the well-known Windows Secrets Dump module to reduce the footprint when dumping SAM hashes, LSA secrets and cached credentials. The module is now directly reading the Windows Registry remotely without...
Metasploit Wrap-Up
Windows secrets dump The following provided by Christophe De La Fuente! A common pen testing pattern is to compromise a local administrative account on a host and use it to grab Windows password hashes, Kerberos tickets, and other secrets stored locally. The most common technique is to run tools...
Windows Secrets Dump
Dumps SAM hashes and LSA secrets including cached creds from the remote Windows target without executing any agent locally. This is done by remotely updating the registry key security descriptor, taking advantage of the WriteDACL privileges held by local administrators to set temporary read...
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/231/info The HKeyLocalMachine\SECURITY\Policy\Secrets\ key contains obfuscated data for various system services/resources. Clear-text usernames and passwords for services running under the context of a user account,...
BindView HackerShield 1.0/1.1 HackerShield AgentAdmin Password Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/628/info The BindView HackerShield product (originally Netect's HackerShield) creates an NT service account called NetectAgentAdmin$. This account is a member of the local administrators group on an NT host. The service...
Windows 7/8 admin account installation password stored in the clear in LSA Secrets
Bug title: Windows 7/8 admin account installation password stored in the clear in LSA Secrets; Affected systems: Windows 7, 8 related issue on XP; Author: Xavier CC; Background: "Windows LSA...
BindView HackerShield 1.0/1.1 - HackerShield AgentAdmin Password
source: https://www.securityfocus.com/bid/628/info The BindView HackerShield product (originally Netect's HackerShield) creates an NT service account called NetectAgentAdmin$. This account is a member of the local administrators group on an NT host. The service account password is not machine...
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking Save Password
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking Save Password source: https://www.securityfocus.com/bid/232/info Windows NT allows users to save their RAS and/or RRAS credentials by using the 'Save Password' checkbox when making a dial-up connection. Credentia...
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking Save Password
source: https://www.securityfocus.com/bid/232/info Windows NT allows users to save their RAS and/or RRAS credentials by using the 'Save Password' checkbox when making a dial-up connection. Credentials saved in this manner are stored in the...
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability. Local exploit for windows platform source: http://www.securityfocus.com/bid/231/info The HKeyLocalMachine\SECURITY\Policy\Secrets\ key contains obfuscated data for various system services/resources. Clear-text usernames a...