Windows Hashes

Hi and welcome to this new video! In this video we continue the "Windows Privilege Escalation" series. Specifically, in this video we analyze how hashes are handled in Windows. We discuss the role of hashes, how hashes are used in authentication, and the different types of hashes that are used in Windows. The focus will be on the LM and NTLM hashes, as well as the Net-NTLMv1 and Net-NTLMv2 hashes. For these hashes we will discuss what is their role, where they can be captured by malicious actors, and how we can crack them using john or hashcat. As always, I hope you find the video helpful, and I would appreciate if you leave your feedback down in the comments, and share this series with like-minded people. Thank you very much! ------------------------- TIMESTAMP 00:00 Introduction 00:50 Why Hash functions? 03:30 Hash Functions and Authentication 06:30 LM Hash 08:55 NTLM Hash 11:00 Obtain LM and NTLM hashes with Mimikatz 13:37 Net-NTLMv1 and Net-NTLMv2 16:50 Obtain Net-NTLMv hashes with Responder 22:00 Other Hashes (Kerberos and DPAPI) 23:50 Hash Cracking ------------------------- REFERENCES - Material: https://github.com/LeonardoE95/yt-en/tree/main/src/2024-12-09-windows-privesc-windows-hashes - Article on LM, NTLM, Net-NTLMv2: https://medium.com/@petergombos/lm-ntlm-net-ntlmv2-oh-my-a9b235c58ed4 ------------------------- CONTACTS - Blog: https://blog.leonardotamiano.xyz/ - Github: https://github.com/LeonardoE95?tab=repositories - Support: https://www.paypal.com/donate/?hosted_button_id=T49GUPRXALYTQ