
Cached AD Credentials


🧠 What’s the Deal?

Every account that has logged on to a host (interactively, over RDP, as a service, or as a scheduled task) leaves credential material cached on that host. With local administrator rights we can dump it, crack the NT hashes offline to recover passwords, or reuse the hashes directly (pass-the-hash) without cracking anything.

Windows authentication is single sign-on: after the initial logon the user is never prompted again, so the OS has to keep enough credential material in memory to request service tickets and renew the Kerberos TGT on the user's behalf. That material (NT hashes, Kerberos keys, and on older or misconfigured systems the WDigest plaintext password) lives in the memory of the Local Security Authority Subsystem Service (lsass.exe). Anyone who can read LSASS memory gets the secrets of every logon session currently cached on the box, not just their own.


🎯 What’s the Big Win?

What’s the attacker trying to pull off here?

  • Gain unauthorized access
  • Extract sensitive data
  • Escalate privileges
  • Lateral movement across the network

🧰 Gear Up (Prereqs)

Don’t go in empty-handed. What do you need beforehand?

  • Local Administrator or SYSTEM on the target host. LSASS is part of the OS and runs as SYSTEM; opening its memory requires SeDebugPrivilege, which local admins hold (mimikatz enables it with privilege::debug).
  • Check for LSASS hardening first: if LSASS runs as a protected process (RunAsPPL) or Credential Guard is enabled, a plain user-mode read either fails or returns no secrets, and that has to be dealt with before any of the below works.

🚀 Launch Sequence (How-To)

Here’s how the magic happens — step by step.

Run mimikatz on the target Windows host from an elevated prompt and execute:

    privilege::debug
    sekurlsa::logonpasswords

privilege::debug acquires SeDebugPrivilege so mimikatz can open LSASS. sekurlsa::logonpasswords walks every logon session and prints, per authentication package (msv, wdigest, kerberos, ...), the username, domain and whatever secret is cached: the NTLM hash under msv, and a plaintext password under wdigest if it is still enabled. Copy the NTLM values into a file and crack them with hashcat mode 1000 (NTLM), or skip cracking and reuse the hash directly, for example with sekurlsa::pth in mimikatz.