Apr 18, 2020 2 min read

Hack Windows PC to get Windows password NTLMv2 hash


In this article, Masschelein Steven shows how to hack a Windows PC by backdooring it to obtain the NTLMv2 hash and, from there, the Windows password. Masschelein wrote the following description of this vulnerability and exploit:

You now can execute it in 2 ways. I prefer the second part from number 4.

The basic idea is, I’ve made a vbs script that calls netcat and makes a backdoor on a victim PC. I’ve masked the netcat EXE and the vbs script by making an executable file. I’m doing a man-in-the-middle attack with mitmf and using beef to hook the victim's browser. If we get a hooked browser, then we send the executable through a fake notification bar. If the victim then executes the executable, we now have a netcat backdoor.

The second attack is based on the same principle: do a man-in-the-middle attack with mitmf and send an executable with beef. This time it’s a little different. I’ve had to tweak the python script from mitmf so that the samba server doesn’t start. I’ve made a share on my attacker machine that grants everyone access to that share, then we start Wireshark to get the NTLMv2 hash. Then again, when the victim browses the internet, we send a fake notification bar. The victim runs our EXE, and we again have a netcat backdoor. Then we make a network share to our shared folder via the command prompt we got. Then we stop the Wireshark capture. We make a new folder in the %APPDATA% folder to copy our second executable file that we have placed in our shared folder. Then, once the file is copied, we make it auto-start on startup so that we have a persistent backdoor. As a final attack, we connect to our network share, we execute the program procdump so that we have a memory dump of LSASS, and disconnect the network drive.

Then we load the mini-dump in mimikatz, and we have the plaintext password.

We also can get the NTLMv2 hash from Wireshark, which is also explained in the document.
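The detection side of the NTLMv2 step above: the hash leaks because the victim performs an NTLM authentication to a share on a host the attacker controls, and that exchange is visible on the wire. The following is an added example (not from the original post or the PDF) that parses the NTLMSSP AUTHENTICATE message as Wireshark would, reports which account authenticated from which workstation, and flags NTLMv2 authentications to servers outside an allowlist. All addresses, names and the response bytes are constructed test data.

```python
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
AUTHENTICATE = 3
NEGOTIATE_UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE flag

def _field(buf, pos):
    """Decode an NTLM 'Fields' triple (Len, MaxLen, BufferOffset) at pos and return its payload."""
    length, _maxlen, offset = struct.unpack_from("<HHI", buf, pos)
    return buf[offset:offset + length]

def parse_authenticate(msg):
    """Extract identity fields from an AUTHENTICATE_MESSAGE (MS-NLMP layout, offsets from start).
    NTLMv2 is recognised by an NtChallengeResponse longer than 24 bytes whose blob starts 0x01 0x01."""
    if msg[:8] != NTLMSSP_SIG or struct.unpack_from("<I", msg, 8)[0] != AUTHENTICATE:
        raise ValueError("not an NTLMSSP AUTHENTICATE message")
    nt_resp = _field(msg, 20)                          # NtChallengeResponseFields
    flags = struct.unpack_from("<I", msg, 60)[0]       # NegotiateFlags
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"  # OEM code page assumed
    return {
        "domain": _field(msg, 28).decode(enc),
        "user": _field(msg, 36).decode(enc),
        "workstation": _field(msg, 44).decode(enc),
        "ntlmv2": len(nt_resp) > 24 and nt_resp[16:18] == b"\x01\x01",
    }

def build_sample(domain, user, workstation, nt_resp, unicode=True):
    """Construct a minimal AUTHENTICATE message for testing (not a captured packet)."""
    enc = "utf-16-le" if unicode else "latin-1"
    items = [b"", nt_resp, domain.encode(enc), user.encode(enc), workstation.encode(enc), b""]
    fields, payload = b"", b""
    for item in items:  # header is 88 bytes: sig+type 12, six fields 48, flags 4, version 8, MIC 16
        fields += struct.pack("<HHI", len(item), len(item), 88 + len(payload))
        payload += item
    flags = NEGOTIATE_UNICODE if unicode else 0
    return NTLMSSP_SIG + struct.pack("<I", AUTHENTICATE) + fields + struct.pack("<I", flags) + bytes(8) + bytes(16) + payload

def flag_ntlm_to_unknown_hosts(records, trusted_servers):
    """records: (src_ip, dst_ip, authenticate_bytes) taken from SMB/HTTP sessions.
    Returns one alert per NTLM authentication sent to a server not in trusted_servers."""
    return [{"src": s, "dst": d, **parse_authenticate(m)}
            for s, d, m in records if d not in trusted_servers]

# Constructed sample data: NTLMv2-shaped response (NTProofStr + blob header), not a real one
NT_V2 = bytes(16) + b"\x01\x01" + bytes(30)
TRUSTED = {"10.0.0.5"}  # the legitimate file server
SAMPLE_RECORDS = [
    ("10.0.0.20", "10.0.0.5", build_sample("CORP", "alice", "WS01", NT_V2)),
    ("10.0.0.20", "203.0.113.7", build_sample("CORP", "alice", "WS01", NT_V2)),  # unknown share
]

if __name__ == "__main__":
    for alert in flag_ntlm_to_unknown_hosts(SAMPLE_RECORDS, TRUSTED):
        print("NTLM auth to untrusted host:", alert)
```

In practice the same check is done on Zeek's ntlm.log or Wireshark's `ntlmssp` dissector output, with the allowlist built from the domain's known SMB servers.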

> This is a user submitted post that explains in great length on backdooring a PC and getting Windows password & NTLMv2 hash. If you are interested, download a copy of the PDF file for references from the link below.

Download netcat-backdoor-and-ntlmv2-hash.pdf
Techie Mike
Self-taught techie, with a passion for computers and all the cool things you can do with them. Techie Mike, B.Eng. B.Sc.