In this lab, you will use Mimikatz to obtain NTLM hashes for Windows 10 accounts.
Caution
Do not perform this lab on your host computer. To complete the lab safely, the steps must be performed inside of the VM.
Part 1: Setting Up Mimikatz
1. Start your Windows 10 VM and log in.
2. Click Start, type Windows security, and then press Enter to open the Windows security app.
3. Click Virus & threat protection, and then click Manage settings under Virus & threat protection settings.
4. Toggle all protections to Off. What does this mean for your typical system and for using Mimikatz?
5. Close the Windows security window, and open a web browser.
6. Navigate to github.com/gentilkiwi/mimikatz/releases inside of your VM.
7. In the first entry, click mimikatz_trunk.zip to download the binary installation.
8. Click Open file in the Downloads area once the download has completed.
9. Click the Compressed folder tools tab, and then click Extract all.
10. Click Browse, select the Desktop, click Select Folder, and then click Extract to uncompress the files to your desktop inside of the VM.
11. Press the Windows+R keys to open the Run dialog box, type regedit, and then press Enter to open the Registry Editor. What does this mean about the credentials needed on the Windows 10 system?
12. Expand HKEY_LOCAL_MACHINE, right-click SAM, and then select Export.
13. Select Desktop, and then select Win32 to save the exported registry hive files in the same place as the executable for Mimikatz.
14. Select a file type of Registry hive files, type SAM as the name, and then click Save.
15. Right-click SYSTEM, and then select Export.
16. Select a file type of Registry hive files, type SYSTEM as the name, and then click Save to save the file in the same place as the SAM hive.
17. Close the Registry Editor.
Part 2: Using Mimikatz
1. Close all windows, click Start, type command prompt, right-click Command Prompt, and then click Run as administrator.
2. Type cd C:\Users\student\Desktop and press Enter, and then type dir and press Enter to confirm that Mimikatz was extracted in this location.
3. Type cd Win32 and press Enter to navigate into that directory.
4. Type dir and press Enter to confirm that your SAM and SYSTEM hives are present and that mimikatz.exe is also present.
5. Type mimikatz.exe and press Enter to launch Mimikatz.
6. Type privilege::debug and press Enter to check the privilege level, which should be “20” at this point.
7. Type !+ and press Enter to bypass some built-in Windows protections. An error is okay here.
8. Type token::elevate and press Enter to give Mimikatz admin privileges temporarily. Hint: You will know the command worked if you see a process after the SID name line.
9. Type lsadump::sam sam.hiv system.hiv and press Enter, and then examine the results. Do you see a hashed password for student and student2? What could you do with these hashes?
10. Compare the two hashes. What do you notice?
11. Highlight the hash for student or student2 and press Ctrl+C to copy it to the Clipboard.
12. On your host machine, navigate to md5decrypt.net/en/Ntlm/, paste the hash into the box, and then click Decrypt. Why did the site not find your plaintext password? What does that tell you about the way this site operates?
13. Return to your VM, type exit, and then press Enter to exit Mimikatz.
14. Type exit and press Enter to close the Command Prompt window.
Part 3: Clean Up
1. Click Start, type Windows security, and then press Enter to open the Windows security app.
2. Click Virus & threat protection, and then click Manage settings under Virus & threat protection settings.
3. Toggle all protections to On.
4. Click Quick scan to run a quick malware scan. Does it locate any threats?
5. Click Start actions to clean up the system.
6. Click Protection history. Do you see Mimikatz in the alerts?
7. Close the Windows security app.
8. Delete all the files from the Downloads folder and the desktop, right-click the Recycle Bin icon, select Empty Recycle Bin, and then select Yes to permanently delete the files.
9. Close all windows and shut down your Windows 10 VM.
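The Part 3 questions can also be answered from the Defender event log, which shows when protection was switched off in Part 1 and what the scan found afterwards. The PowerShell below is an added example, not part of the original lab; it is meant to be run from an elevated PowerShell prompt inside the VM before shutting it down, and the 4-hour look-back and the "Name:" line parsed from the event message are assumptions.

```powershell
# Added example (not from the lab): timeline of Defender events for the lab session.
$log = 'Microsoft-Windows-Windows Defender/Operational'

# 5001 = real-time protection disabled, 5000 = real-time protection enabled,
# 1116 = threat detected, 1117 = action taken on a detected threat
$labels = @{
    5000 = 'RTP enabled'
    5001 = 'RTP disabled'
    1116 = 'Threat detected'
    1117 = 'Action taken'
}
$since = (Get-Date).AddHours(-4)   # assumption: the lab ran within the last 4 hours

$events = @(Get-WinEvent -FilterHashtable @{
        LogName   = $log
        Id        = [int[]]$labels.Keys
        StartTime = $since
    } -ErrorAction SilentlyContinue | Sort-Object TimeCreated)

# One row per event; for detections, pull the threat name out of the message text
# (assumption: the message carries a "Name:" line; otherwise show its first line).
$events | ForEach-Object {
    $detail = ($_.Message -split "`r?`n")[0]
    if ($_.Message -match '(?m)^\s*Name:\s*(.+?)\s*$') { $detail = $Matches[1] }
    [pscustomobject]@{
        Time   = $_.TimeCreated
        Id     = $_.Id
        Event  = $labels[$_.Id]
        Detail = $detail
    }
} | Format-Table -AutoSize -Wrap

# Pair each "disabled" event with the next "enabled" event to get the
# window during which the VM ran without real-time protection.
$offAt = $null
foreach ($e in $events) {
    if ($e.Id -eq 5001 -and -not $offAt) {
        $offAt = $e.TimeCreated
    }
    elseif ($e.Id -eq 5000 -and $offAt) {
        $minutes = ($e.TimeCreated - $offAt).TotalMinutes
        'Unprotected window: {0} -> {1} ({2:N0} min)' -f $offAt, $e.TimeCreated, $minutes
        $offAt = $null
    }
}
if ($offAt) { "Real-time protection has been off since $offAt" }
```

A 5001 event with no later 5000 event means the Part 3 step that toggles protections back to On was missed.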