Thread: Grabbing NTLM hashes from a Windows Server

  1. #1
    Join Date
    Jan 2006

    Grabbing NTLM hashes from a Windows Server


    Ok, consider this scenario.

    I have managed to gain LAN access to a network, but have no Windows credentials (i.e. hacked wireless, or have physical port access).

    The ways I know of to grab NTLM password hashes are:

    Using something like Metasploit
    ARP Poisoning to sniff NTLM passwords as users authenticate with DC (I think?)
    Using something like pwdump or fgdump to nab them.

    Today I have been playing with pwdump/fgdump.

    Testing on my own network is fine, as I have administrator privs, can disable AV (McAfee), etc.

    But in a real pentest environment I will have neither of these.

    What is the best way to grab these (stealthily) so that I can crack them with the various hash cracking tools later on?

  2. #2
    Just burned his ISO
    Join Date
    Sep 2012

    Re: Grabbing NTLM hashes from a Windows Server

    Hi there

    Actually I'm working on the same goals...
    Today, I tried ARP poisoning to sniff some hashes from the domain controller, without luck ;-)
    (But I didn't spend a lot of time...)

    The way that worked for me was simpler. (Because you need to know the domain controller...)
    I realized that there's a SharePoint server and the traffic was routed out of the LAN (perhaps a guest LAN).
    So, I simply poisoned the route from my victim to the router and this way I received the hash ;-)

    In the near future I'll try to catch a hash from a domain controller, if I find some time.
    Let me know the status of your project ;-)
