Academy - Windows Privilege Escalation - Pillaging

I’m having some trouble with Question 5.

“Restore the directory containing the files needed to obtain the password hashes for local users. Submit the Administrator hash as the answer.”

I can easily restore the restic backups, but downloading the SAM and SYSTEM files to my Kali box and running samdump2 yields null passwords for all local users. I believe that samdump2 no longer works with modern Windows SAM/SYSTEM dumps.

Any help is appreciated.

I figured it out.

After downloading the SAM and SYSTEM files to my Kali, I used secretsdump.py instead of samdump2 and I got the “real” hashes, not the “null” hashes! Boom!

can you give a hint on how to find and download the cookie in the previous question in this section

" Log in as Grace and find the cookies for the slacktestapp.com website. Use the cookie to log in into slacktestapp.com from a browser within the RDP session and submit the flag."

having trouble finding firefox cookie database

1 Like