First: Using SAMBA to crack Unix passwords
Theory: You compromise a Unix host during a pentest and grab /etc/shadow and /etc/passwd. You take the root entries from both and drop them onto a Unix host that you control, one set up with SAMBA to sync authentication. You then use Windows methods to extract the LM/NTLM hash from SAMBA.
Problem: SAMBA doesn’t cache the LM/NTLM hash until the correct one is passed to it.