Grabbing NTLM hashes from a Windows Server

view full story

http://www.backtrack-linux.org – Hi Ok, consider this scenario. I have managed to gain LAN access to a network, but have no Windows credentials (i.e hacked wireless, or have physcial port access). The ways I know of to grab NTLM password hashes are: Using something using something like metasploit ARP Poisoning to sniff NTLM passwords as users authenticate with DC (I think?) Using something like pwdump or fgdump to nab them. Today I have been playing with pwdump/fgdump. Testing on my own network is fine, as I have adminsitrator priv's, can disable AV (McAfee), etc. But on a real pentest environement I wi (HowTos)