Comments on Carnal0wnage Blog: Token Passing with Incognito Part 2

Feed last updated: 2024-01-24T04:15:08.086-05:00

CG (2008-05-15T11:25:00.000-04:00):
looks like i need to take another look at it then. thanks for the heads up.

Anonymous (2008-05-15T11:23:00.000-04:00):
gsecdump -u will dump active login sessions including domain users. Just like in your post, it will also give you the hash of a user who has logged in but since logged out (until the next reboot). I have used this very easy tool to get domain admin on several pen tests. Seems to be simpler than incognito. Maybe incognito has other benefits that gsecdump does not.

CG (2008-05-15T11:04:00.000-04:00):
depends. on a single box maybe. in a domain (most likely) the hashes you will dump will be local accounts on THAT BOX and not domain credentials unless of course you've popped the DC.

those tools also involve me uploading the executable to the remote box where if you use metasploit incognito is built in and no extra binaries to worry about.

Anonymous (2008-05-15T10:49:00.000-04:00):
Wouldn't it be easier to use a tool like gsecdump or pstoolkit and get the domain hash and use pass-the-hash?