Practical Hacking Techniques and Countermeasures
Click the Run it again button. View the results.
Each password from the password file will be tried against the target. Each incorrect password will return a result of bad. The correct password will return a result of good.
In this example, the username of mmouse with the password of mmouse1 returns a result of good.
*Note: I cannot stress enough the importance of this tool for either an attacker or a vulnerability/penetration test. The sheer number of tools available is incredible.
Brute Force
Lab 54: Retrieve Password Hashes
Extract Password Hashes: FGDump
Prerequisites: Administrative access
Countermeasures: Strong Administrator passwords, strong password policy
Description: The FGDump application was written to obtain the password hashes from the Security Accounts Manager (SAM) file on the target computer. The process includes:
Binding to a machine (or list of targets) using the Inter-Process Communication (IPC$) share
Stopping the running of antivirus programs
Locating writable file shares
Uploading fgexec (for remote command execution) and cachedump
Executing pwdump
Executing cachedump
Deleting uploaded files from the file share
Unbinding from the file share
Restarting any antivirus programs
Unbinding from IPC$
*Note: Even though an Administrator account is required, I prefer this tool over the Pwdump application as all the work is done for me and the antivirus program is shut down and restarted.
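Seen from the defending side, the process listed above leaves an ordered trail in Windows logs. The following added example (not from the book or from FGDump) correlates that order per host over constructed, normalized events; the field names, the service name ExampleAV, the 10-minute window and the sample events are all assumptions.

```python
from datetime import datetime, timedelta

AV_SERVICES = {"ExampleAV"}      # assumption: your endpoint-protection service names
WINDOW = timedelta(minutes=10)   # assumption: tune to your environment

# Ordered stages mirroring the process list above. Windows event IDs:
# 5140 = share accessed, 5145 = detailed file-share access, 7036 = service state change.
STAGES = [
    ("ipc_bind",   lambda e: e["id"] == 5140 and e.get("share", "").upper().endswith("IPC$")),
    ("av_stopped", lambda e: e["id"] == 7036 and e.get("service") in AV_SERVICES and e.get("state") == "stopped"),
    ("exe_upload", lambda e: e["id"] == 5145 and e.get("access") == "write" and e.get("file", "").lower().endswith(".exe")),
    ("exe_delete", lambda e: e["id"] == 5145 and e.get("access") == "delete" and e.get("file", "").lower().endswith(".exe")),
    ("av_restart", lambda e: e["id"] == 7036 and e.get("service") in AV_SERVICES and e.get("state") == "running"),
]

# Constructed sample events (hosts, IPs and file names are made up for this example).
EVENTS = [
    {"t": "2024-01-10T09:00:01", "host": "WS01", "id": 5140, "share": r"\\*\IPC$", "src": "10.0.0.50"},
    {"t": "2024-01-10T09:00:03", "host": "WS01", "id": 7036, "service": "ExampleAV", "state": "stopped"},
    {"t": "2024-01-10T09:00:05", "host": "WS01", "id": 5145, "access": "write", "file": "sample.exe"},
    {"t": "2024-01-10T09:00:20", "host": "WS01", "id": 5145, "access": "delete", "file": "sample.exe"},
    {"t": "2024-01-10T09:00:22", "host": "WS01", "id": 7036, "service": "ExampleAV", "state": "running"},
    {"t": "2024-01-10T10:00:00", "host": "WS02", "id": 7036, "service": "ExampleAV", "state": "stopped"},  # routine update
    {"t": "2024-01-10T10:00:30", "host": "WS02", "id": 7036, "service": "ExampleAV", "state": "running"},
    {"t": "2024-01-10T11:00:00", "host": "WS03", "id": 5140, "share": r"\\*\IPC$", "src": "10.0.0.7"},
    {"t": "2024-01-10T11:30:00", "host": "WS03", "id": 7036, "service": "ExampleAV", "state": "stopped"},  # outside window
]

def detect(events):
    """Return (host, first_seen, last_seen) for each host completing all stages in order."""
    alerts, progress = [], {}    # progress: host -> (next stage index, chain start time)
    for e in sorted(events, key=lambda ev: ev["t"]):
        t = datetime.fromisoformat(e["t"])
        idx, start = progress.get(e["host"], (0, None))
        if idx and t - start > WINDOW:
            idx, start = 0, None             # chain went stale; start over
        if STAGES[idx][1](e):
            start = start or t
            idx += 1
            if idx == len(STAGES):           # every stage seen, in order, inside the window
                alerts.append((e["host"], start.isoformat(), e["t"]))
                idx, start = 0, None
        progress[e["host"]] = (idx, start)
    return alerts

if __name__ == "__main__":
    print(detect(EVENTS))
```

Only WS01 alerts: WS02 is an antivirus restart with no preceding IPC$ bind, and WS03's antivirus stop falls outside the correlation window.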