
11 December 2012

Comments

When you know how to do it, you can prevent it too

"How to Hack and Not Get Caught" ??
-- You mean "How to CRACK and Not Get Caught"

There is nothing wrong with hacking....

1. Safety and security are two sides of the same coin. Improving one improves the other.
2. You cannot assume that attackers only want to steal, not disrupt. 9/11 bombers, Anonymous DDoSers, you name it. Radicals want to do as much damage as they physically are able to do, so don't sugarcoat pentesting, do the job for real, only stopping just before any real damage is done. Stealth mode? You gotta be joking.

Great post and I completely agree with most of your assertions, but dumping hashes on a Windows system shouldn't be an exception to utilizing native tools. There are several ways, including just stealing the SYSTEM/SAM (or NTDS.DIT on a DC) with Volume Shadow Copies http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html or utilizing PowerShell scripts like the one available at https://www.trustedsec.com/downloads/tools-download/, to avoid going against a mantra I would add: "Don't write anything to the disk." If PowerShell is installed, you don't need binaries, just PowerSploit https://github.com/mattifestation/PowerSploit.
