2016-03-07 12:17:21 -06:00
The post/gather/hashdump module functions similarly to Meterpreter's built-in hashdump command.
2016-03-24 12:13:03 -05:00
Having this feature as a post module allows it to be used in different penetration testing scenarios.
2016-03-07 12:17:21 -06:00
## Vulnerable Application
To be able to use post/gather/hash_dump, you must meet these requirements:
* You are on a Meterpreter type session.
2016-03-24 12:13:03 -05:00
* The target is a Windows platform.
* It must be executed under the context of a high privilege account, such as SYSTEM.
2016-03-07 12:17:21 -06:00
## Verification Steps
Please see Overview for usage.
## Scenarios
**Upgrading to Meterpreter **
2016-03-24 12:13:03 -05:00
To be able to use this module, a Meterpreter session is needed. To upgrade to a Meterpreter session, the easiest way is to use the post/multi/manage/shell_to_meterpreter module. Or, you can try:
2016-03-07 12:17:21 -06:00
1. Use the exploit/multi/script/web_delivery module.
2. Manually generate a Meterpreter executable, upload it, and execute it.
**High Privilege Account **
Before using post/gather/hashdump, there is a possibility you need to escalate your privileges.
2016-03-24 12:13:03 -05:00
2016-03-07 12:17:21 -06:00
There are a few common options to consider:
* Using a local exploit module. Or use Local Exploit Suggester, which automatically informs you
which exploits might be suitable for the remote target.
2016-03-07 12:29:32 -06:00
* The getsystem command in Meterpreter.
2016-03-07 12:17:21 -06:00
* Stolen passwords.
**Hashdump From Multiple Sessions **
2016-03-24 12:13:03 -05:00
One major advantage of having hashdump as a post module is you can run against it multiple hosts easily. To learn how, refer to Overview for usage.
