What tools are used to get the hash?

To extract the hash passwords from a victim, some hackers will use Metasploit. By using Metasploit a hacker can create a reverse_tcp payload and use it to establish a meterpreter session on the victim's device. Once a meterpreter session is created, the hacker can dump the contents of the SAM by typing the command hashdump. Before hashdump can be successfully executed, the attacker must type getsystem and getprivs to escalate their level of access on the victim's device. The following lab will demonstrate how this is done. Screenshots are provided to help you follow along.

Step one involves creating a payload to send to the victim. For this lab, we will use msfvenom to create a meterpreter reverse_tcp ...

Get Applied Network Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.