Hey guys, first of all it's a pleasure to be here. I've learned a lot from this community as a lurker, and this is the first time I've had a question I couldn't find information on using Search or other web resources.
So I'm a systems admin at a Managed Services Provider, and I just had a new server box assigned to me as a lab box to tool around in. Unfortunately, it's very old and nobody remembers the password to it. Being in our lab environment, it's also not connected to other parts of our infrastructure such as our domain, so it only has local credentials.
No problem, right? Plug in a Kali thumbdrive with persistence and use bkhive to dump the hash and crack it, right? Or at least that was what I was going to try. When I run fdisk -l, I don't see any Windows partitions. Weirdly enough, I see a 500GB Linux swap partition (which isn't related to my Kali thumbdrive, which has 64GB overall).
The server is running 2012 R2, and I'm kind of left scratching my head and wondering what to do now. If I can't see the filesystem, I'm not sure how to proceed to mount it and get the SAM file. Any ideas? I'm pretty new at this, so I'm sure I must be overlooking something. TIA
2 Responses
Greetings. Does the server have the Windows GUI logon?
(The rest is pending)
Yes, it's running with the GUI and not in Core. All I have is the local Administrator account available; I don't think we ever set this server up on the domain controller for the lab. (Truth be told, I don't think the DC for the lab is even turned on half the time; we just kind of make our own virtual DC and virtual servers in the lab.)