Local Admin --> Domain Admin ??
I have been trying to expand my knowledge, so I have set a lab with the following configuration:
Fully Patched Windows 2003 Server (Acting as a domain controller)
Unpatched Client Machine (XP), which is joined to the above domain.
Since I have been able to compromise the client machine, I was able to get the local hashes, and have been able to crack them using rainbow tables. My question is there any possible way to get Domain Passwords.
I have read about "CacheDump" tool, which will get the hashes for the last 10 logged in users (something called MSCash), and have been able to get the hashes. However, seems that these hashes cannot be cracked using rainbow table, as they came in the following format:
So any idea on the above scenario ?
Thanks alot in advance,
JTR or Cain is the way to go
John works well for any password cracking. Cain, albeit slower, also has great cracking abilities for cached passwords, and a rather attractive (in comparison) GUI, if you want to go that route.
Originally Posted by l1nuxant_ee
Essentially, I'm just repeating what has already been said. Let us now if you have any problems.