When conducting penetration tests against Windows environments, you often need to retrieve credentials / hashed passwords after you have successfully compromised a target machine. There are several ways to do this depending on what type of machine the target is (e.g. normal server / workstation vs Domain Controller).
What you will learn
After completing this scenario you will learn where Windows stores local password hashes and where it stores domain password hashes, and how to retrieve them after compromising a target (the scenario assumes you have already compromised the target)
This scenario contains one virtual machine running a windows operating system, which you need to connect to / interact with.
It is highly advisable to be familiar with the hashing algorithms that Windows uses to store passwords. You can complete the Scenario "Windows Passwords 101" to become familiar
It is also advisable to be somewhat familiar with the concept of Windows Domains, but this is not necessary. If you like, you can complete the Scenario "Windows Domains 101" to become familiar.
- TIME120 MINUTES
- COST10 CRYSTALS