Posted: 11/11/2012 in Uncategorized

CYBER ARMS - Computer Security

As a penetration tester, how cool would it be (if you had physical access to a system) to be able to grab the passwords off of a Windows system that was sitting at a locked login prompt? And what if you could get these passwords in plain text?

Well, you can!

I’ve been playing around with Mimikatz again. If you haven’t heard about Mimikatz, it is the amazing program made by Gentil Kiwi that amongst other things has the ability to pull plain text passwords from systems. All you need to do is run the Mimikatz program on the target system and it pulls user information from memory that is normally encrypted and displays it as unencrypted text!

I have shown how to use Mimikatz to pull passwords from a remote machine before, so that is nothing new. And yes, Mimikatz works on Windows 8, and has since pre-release versions…

View original post 602 more words

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s