Given a computer, can you obtain the local system administrator's password?

Author: FancyPig | Published: | Updated:

Miscellany

This follows the earlier "Given a computer" series, which was very well received by readers:

  • Given a computer, can you get the WeChat chat history stored on it?
  • Given a computer, can you get the Wi-Fi password?

Related reading

How to export passwords saved in the browser:

  • Password possibly leaked? Where exactly is the problem? How do you export the passwords stored in a browser?

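This installment is a walkthrough focused on the Windows system administrator account.

Getting the system's NTLM password hash with Mimikatz

Run it as administrator (if your antivirus flags it, add it to the allowlist).

Verify administrator privileges (enter this first every time; otherwise the later commands fail with ERROR kuhl_m_sekurlsa_acquireLSA ; Handle on memory (0x00000005))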

privilege::debug

Seeing 20 OK here means the privilege is in order; only then can we carry on with the steps below.

List the passwords of all accounts

sekurlsa::logonpasswords

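We then see the passwords of every account that is visible on the system.

The account is the e-mail address 663962@qq.com, and the password appears as the NTLM hash C3DF0CEFD36BC1508AFC3F54102BB637

After that, all we need to do is find a way to recover the plaintext from the NTLM hash!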

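Recovering the password from the NTLM hash

Windows stores passwords mainly as NTLM hashes. NTLM is a one-way hash rather than encryption, so "decrypting" here means finding a password that produces the same hash. We offer two approaches:

  • Online lookup
  • Offline cracking

Online lookup

Online lookup mainly relies on the following two websites.

We use the NTLM hash of the Microsoft account password obtained above as the example: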

C3DF0CEFD36BC1508AFC3F54102BB637

CMD5 online lookup

Set the type to NTLM.

Hmm, it actually costs money. I paid for the lookup anyway; it cost 1 point and the result was fancypig.

Ophcrack online lookup

This one from abroad is much nicer!

Enter C3DF0CEFD36BC1508AFC3F54102BB637 in the box on the right to look it up.

The plaintext password turns out to be fancypig.

Offline cracking

We covered HashCat for offline cracking before; for details, see:

  • [Video tutorial] How to crack passwords efficiently and elegantly? hydra and Hashcat are worth having!

If you are short on time, skip the video and go straight to the hands-on part below!

Open Kali Linux.

  • If you do not have Kali Linux, see our earlier tutorial: Kali Linux latest version: installation method and FAQ

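Open a terminal and enter the command below to crack the hash offline. -a 0 selects the dictionary (straight) attack mode and -m 1000 the NTLM hash type; the wordlist is read from password.txt (click for more wordlist files) and the result is written to output.txt.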

hashcat -a 0 -m 1000 --force 'C3DF0CEFD36BC1508AFC3F54102BB637' password.txt -o output.txt

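The result of the offline crack can then be found in output.txt.

Common questions

Explanation: why do I see a Microsoft account instead of a local password?

My computer is always signed in with a Microsoft account, so running the sekurlsa::logonpasswords command above only shows the Microsoft account's password.

Try the method described here and see whether you can find your own password!

Tool sharing

A tool for retrieving all plaintext passwords on the local machine (works on Windows, Mac and Linux)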


Summary of the basics

  • Summary of Windows LM and NTLM

Tags: Windows system, Windows password, Windows account, mimikatz, NTLM, hashcat