- If you have mimikatz then there's always a way to get the NTLM hash; HackTricks is always a good friend. Also, when you get a hash with a tool like secretsdump.py you usually get the NTLM hash. Do not confuse it with the NTLMv2 hash, which is what you get for other services like SMB (when you intercept it and get a hash with a tool like Responder).
- Why do you need the password if you already are NT AUTHORITY\SYSTEM? Based on my experience, the answer is simple: because people recycle their password for other machines and services. And then you can think "but if they recycle it I can pass the hash again to log in to another machine in the same intranet"; and you are half-right. But what if you find a new service running on another machine (like, for example, a login panel)? You never know if a previously found password might work again. That's why sometimes a password is more valuable than a hash, at least in my opinion.
Yes, I have already solved it.
It seems I was trying to crack the LM hash instead of the NT hash.
I was just using hashcat incorrectly.
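As an added example (written for this thread, not code from any of the posters), the distinction the first reply draws between a stored NT hash and a Net-NTLMv2 capture, and the LM-versus-NT mix-up in the post above, in code: a pure-Python NT hash (MD4 over the UTF-16LE password), a parser for the secretsdump/pwdump `user:rid:LM:NT:::` line that picks the NT field and rejects Responder-style challenge/response lines, and a check of a stored NT hash against a banned-password candidate. The sample dump line, user name and RID are constructed.

```python
import struct
MASK = 0xFFFFFFFF

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is frequently disabled under OpenSSL 3."""
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64) + struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = [  # (mixing function, additive constant, message-word order, rotation amounts)
        (F, 0x00000000, range(16), (3, 7, 11, 19)),
        (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    ]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        r = h[:]
        for f, const, order, shifts in rounds:
            for i, k in enumerate(order):
                # update r[0], then rotate the registers so the next step works on the next one
                r[0] = _rotl((r[0] + f(r[1], r[2], r[3]) + X[k] + const) & MASK, shifts[i % 4])
                r.insert(0, r.pop())
        h = [(x + y) & MASK for x, y in zip(h, r)]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> str:
    """NT hash = MD4 over the UTF-16LE password. Unsalted, so password reuse is visible."""
    return md4(password.encode("utf-16-le")).hex()

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM field when LM storage is disabled

def parse_dump_line(line: str) -> dict:
    """Split a secretsdump/pwdump line 'user:rid:LM:NT:::'. A Net-NTLMv2 capture
    (user::domain:challenge:response:blob) has an empty second field and is rejected."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1] or len(parts[2]) != 32 or len(parts[3]) != 32:
        raise ValueError("not a pwdump-style LM:NT line")
    lm, nt = parts[2].lower(), parts[3].lower()
    return {"user": parts[0], "lm": lm, "nt": nt, "lm_empty": lm == EMPTY_LM}
def nt_matches(nt: str, candidate: str) -> bool:
    """True if a stored NT hash equals the hash of a candidate (e.g. a banned-password entry)."""
    return nt_hash(candidate) == nt.lower()
# Constructed sample line (not from any real system): LM disabled, NT hash of "password"
SAMPLE = "svc_backup:1105:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::"
```

Cracking the `lm` field of such a line gets nowhere when it holds the empty-LM value; the `nt` field is the one that corresponds to the account's password.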
How do I solve the "This app can't run on your PC" problem in Windows Privilege Escalation Skills Assessment - Part II so I can execute CVE-2020-0668.exe?
Hi there, I am more curious to find out how some of you found CVE-2020-0668 to escalate the privilege. Because I actually found another way to do so. Also, when I used Windows Exploit Suggester to maybe find a suggestion to escalate the privilege, I could not see any direction towards CVE-2020-0668. Did you maybe use some automated tool to find it? Because I actually was trying to find it manually. Also, afterwards I tried out some automated tools, but just one tool found the privesc way that I found manually (itm4n/PrivescCheck). I would be grateful if someone would share your way of finding 2020-0668.
Btw, I did not use the CVE, just enumeration: AlwaysInstallElevated. Generate an MSI with msfvenom, use an nc listener.
Use pwdump to generate the hash.