1
00:00:00,430 --> 00:00:06,170
In this studio, we are going to talk about this, dumping the password hashes from the victim's computer

2
00:00:06,690 --> 00:00:15,300
and I have this, uh, simple recipe using this net that I have already uploaded this Sherida to CNN

3
00:00:15,580 --> 00:00:16,050
on this.

4
00:00:16,380 --> 00:00:24,660
So I got this cell and we know how to dump hashes using this matters where we just type the hash dump

5
00:00:24,660 --> 00:00:26,320
and you will get the hashes.

6
00:00:26,730 --> 00:00:36,510
But we busy manually from the postcard if Judum so fusca you see the WC 332.

7
00:00:40,930 --> 00:00:54,980
That this will dump the Windows credentials and there is also a 64-bit version of this WC, uh, so

8
00:00:54,980 --> 00:01:03,980
you can execute either one of these, uh, you can just, uh, the other day for all this with permission,

9
00:01:04,250 --> 00:01:07,490
you know that the, uh, you don't know the architecture.

10
00:01:07,490 --> 00:01:09,140
You can just, uh, do this tattoo.

11
00:01:09,800 --> 00:01:10,680
It will work fine.

12
00:01:12,230 --> 00:01:14,660
So now let me, uh, copy this.

13
00:01:20,860 --> 00:01:24,220
So now I have covered in my desktop.

14
00:01:28,140 --> 00:01:36,300
So you can see if you go to this, uh, you associate with those resources and you get much more, uh,

15
00:01:36,330 --> 00:01:44,240
binaries regarding Windows expert, you can see the binaries and this is the, uh, evasion tool.

16
00:01:44,250 --> 00:01:51,840
And we catch this will also dump, uh, the hashes and the power Sprite and especially NWC.

17
00:01:52,230 --> 00:01:54,990
So we have copied DWC that you do from this folder.

18
00:01:55,500 --> 00:02:03,960
If you go and take a look at this binaries and you will see how much more binary is here and how you

19
00:02:04,140 --> 00:02:13,580
press freedom and beating and see that whenever you have all this access, you can also send the net

20
00:02:13,630 --> 00:02:16,320
Carbonetti and run the transfer files.

21
00:02:16,510 --> 00:02:20,210
You can also you also have to navigate AT&T.

22
00:02:20,280 --> 00:02:27,280
So it's, uh, what, uh, what taking a look at this with those resources folder.

23
00:02:28,740 --> 00:02:35,610
So now we are going to copy this so that we going to have to dump the list.

24
00:02:36,630 --> 00:02:39,780
Now we know if she dumped the sea and another one.

25
00:02:39,780 --> 00:02:41,620
We are going to take a look at this, Peter.

26
00:02:43,140 --> 00:02:46,200
So let me copy these two directress into my desktop.

27
00:02:58,240 --> 00:02:58,780
So.

28
00:03:04,610 --> 00:03:12,020
All right, now and this year, we're going to see, uh, uh, functionality of these three executables.

29
00:03:13,550 --> 00:03:16,940
So we have this, uh, desktop shall know.

30
00:03:16,940 --> 00:03:26,960
What we're going to do is we are going to do the trick to transfer our files into this, uh, Windows

31
00:03:26,960 --> 00:03:27,580
XP machine.

32
00:03:27,590 --> 00:03:29,060
So let's go ahead and do this.

33
00:03:29,360 --> 00:03:30,320
Let's call.

34
00:03:40,530 --> 00:03:45,360
So let me make sure that my service is running, that is of Deputy Sara.

35
00:04:06,180 --> 00:04:09,630
All right, now, let's say a coal user.

36
00:04:16,470 --> 00:04:17,820
And the password.

37
00:04:23,870 --> 00:04:25,820
Now, let me change to the more.

38
00:04:31,790 --> 00:04:35,610
And then we are going to use the debt command to get the.

39
00:04:40,220 --> 00:04:46,460
Good name is, uh, WCT 32 that frustrate me, I'll get this one.

40
00:04:52,010 --> 00:04:52,490
Sorry.

41
00:05:01,200 --> 00:05:02,550
And then we will say by.

42
00:05:07,400 --> 00:05:14,210
So now we are going to run the TV from the script, if people want that be.

43
00:05:23,480 --> 00:05:29,090
All right, if I say yeah, and you can see there is W.S. 32.

44
00:05:32,350 --> 00:05:41,530
All right, now let's go ahead and turn this W.S. meter U.S. by default, it will dump our password

45
00:05:41,710 --> 00:05:42,250
hashes.

46
00:05:51,220 --> 00:05:52,270
All right, maybe.

47
00:05:52,690 --> 00:05:58,910
OK, I did not copy correctly, so let me just delete this one.

48
00:06:00,340 --> 00:06:03,370
So for this demonstration, I am going to show you this.

49
00:06:31,760 --> 00:06:38,540
OK, let me copy these three into my room and then I'll transfer to Windows XP, then it might be somewhat

50
00:06:39,560 --> 00:06:40,190
comfort.

51
00:06:43,680 --> 00:06:44,040
Here.

52
00:06:53,450 --> 00:06:56,540
So I have of set the password for this Mookie's.

53
00:06:58,000 --> 00:07:02,650
So now let me call VRD a jigaboos.

54
00:07:04,610 --> 00:07:06,380
And then just pasted in here.

55
00:07:22,780 --> 00:07:24,760
So open this current project.

56
00:07:25,870 --> 00:07:27,130
So we want to risk.

57
00:07:29,410 --> 00:07:34,840
So let me make this font bigger, so the SO will be clearly visible.

58
00:07:40,670 --> 00:07:45,970
All right, now I am on the desktop, now I can see WCG 32 36.

59
00:07:48,260 --> 00:07:53,900
Now, as you can see, we got the password hashes for the Nekesa and also for the work group.

60
00:07:54,500 --> 00:07:59,350
So this is the first one is the LM hash and this is the NT hash.

61
00:07:59,360 --> 00:08:02,150
So windows up to expand to two and three.

62
00:08:02,420 --> 00:08:11,810
They're using the alarm manager that is called then manager, uh, user to store this password hash

63
00:08:12,110 --> 00:08:20,800
and then Windows seven on what they use at the NPRM, uh, and then manager to show this person.

64
00:08:20,810 --> 00:08:29,390
I just know if I said W.S.
that you see minus which you get some options and what you can do is you

65
00:08:29,390 --> 00:08:31,790
can reach the sessions and credentials.

66
00:08:32,210 --> 00:08:33,400
That is the default one.

67
00:08:33,410 --> 00:08:34,570
We have to know.

68
00:08:34,790 --> 00:08:42,010
And with this W option, you can try to dump the plaintext passwords that are stored in the memory.

69
00:08:42,500 --> 00:08:47,660
So for this option, any one user should be logged on to the machine.

70
00:08:48,770 --> 00:08:52,130
So as you can see, we got the user and the password is Nikkie.

71
00:08:52,580 --> 00:08:54,650
So we have got the correct answer.

72
00:08:54,650 --> 00:09:00,870
But we only got the password for that logged-on user, so you'll only get the password for the logged-on

73
00:09:00,980 --> 00:09:01,310
user.

74
00:09:01,490 --> 00:09:05,270
And in a similar way, the movie also works in the same way.

75
00:09:06,860 --> 00:09:18,070
So now let's, uh, uh, take this off to a new field and you will see there are three phases over here.

76
00:09:18,440 --> 00:09:19,190
Click on this one.

77
00:09:19,200 --> 00:09:21,290
This is the, uh, accident.

78
00:09:21,830 --> 00:09:23,510
That is a cache dome.

79
00:09:23,660 --> 00:09:25,550
And the second one is speed of freedom.

80
00:09:25,730 --> 00:09:32,480
So you can use the speed of freedom, uh, to crack these hashes with some other tools, react under

81
00:09:32,480 --> 00:09:33,770
pressure, etc.

82
00:09:34,430 --> 00:09:36,100
And this is that if you don't lock.

83
00:09:36,710 --> 00:09:46,660
So let me, uh, review the contents of this one condition, that zero zero one and I'll you the freedom.

84
00:09:51,180 --> 00:09:57,390
So as you can see, you've got the hashes of all the users, so you can see administrator, uh, this

85
00:09:57,390 --> 00:10:04,080
is the group after group only they can see this is the hash of this administrator.

86
00:10:04,320 --> 00:10:07,770
And here the district has no password and help.

87
00:10:07,980 --> 00:10:13,380
And and so I have created these two users before and they are not passwords.

88
00:10:13,380 --> 00:10:14,600
They're connected.

89
00:10:15,360 --> 00:10:20,490
And Nikki, I had just created password before recording this video.

90
00:10:21,300 --> 00:10:23,760
And this is the hash of this Nikias.

91
00:10:25,170 --> 00:10:30,000
So this Peter will dump will also do the same.

92
00:10:31,620 --> 00:10:41,000
So, OK, we need to specify the target so to specify our own target and you'll get the same output

93
00:10:43,200 --> 00:10:52,070
so you can also dump the password, hash this out, that remote user with the username and password

94
00:10:52,200 --> 00:10:53,020
if you specify.

95
00:10:55,110 --> 00:11:02,010
So you need to specify the, uh, IP address and the user user password before the password and then

96
00:11:02,010 --> 00:11:06,180
it will try to grab the password of that robot with permission.

97
00:11:06,510 --> 00:11:11,090
So these are this is all about these three tools over you.

98
00:11:11,430 --> 00:11:15,270
And with the P.W. Dump, you can extract the password.

99
00:11:15,270 --> 00:11:18,300
I shut the computer out, the gender basic login.

100
00:11:18,630 --> 00:11:21,780
Of course, these three are pushed exploration modules.

101
00:11:22,380 --> 00:11:29,640
And if you look at the three types of dump to the dump and with this dump, you can just, uh, get

102
00:11:29,640 --> 00:11:33,720
the hashes and the receipt that you do will get to the hashes.

103
00:11:33,720 --> 00:11:41,270
And also it will get the clear text plaintext password for the users.

104
00:11:41,580 --> 00:11:44,470
So at least one user should be locked for DWC to.

105
00:11:47,990 --> 00:11:53,900
So these are the different tools you can use to dump the bodies, but apart from that matters.

106
00:11:53,900 --> 00:11:59,900
But within a matter what you can just easily, uh, hash them, you can run the government has done

107
00:11:59,990 --> 00:12:03,140
and you can stop using the profiles upper command.

108
00:12:04,760 --> 00:12:07,670
So it's somewhat easier than the normal one.