5

I have a very uncommon scenario. I have a Windows 10 laptop with a specific configuration. On that configuration there is a user (local user, not domain user) which I don't know its password. I want to migrate that user to other Windows 10 computer trying to keep its password.

Of course I already tried to decrypt the password. I already extracted the hash from sam file and tried some unsuccessfully rainbow tables attacks using ophcrack, but the target is not hack the account, the point is try to create the user in the same state on a new laptop. I already have administrator rights on both laptops. I tried also unsuccessfully metasploit+mimikatz but the user never logged on the computer so I guess mimikatz can't work on this.

Does anybody know a way to achieve something like this?

OscarAkaElvis
  • 5,185
  • 3
  • 17
  • 48
  • 1
    I think chntpw can do this. You'll need to boot second computer off live CD/USB – paj28 Jun 24 '17 at 10:39
  • Nice! I didn't know about this tool. I'll try it. Maybe you can put the same as an answer and if it works I'll mark it as resolved. Thanks. – OscarAkaElvis Jun 24 '17 at 10:41
  • It seems with that application you can reset the password... but can't inject the hash I already have. :/ Any alternative or idea? There are a lot of methods to reset the password but it seems there is no option for what I want to do. – OscarAkaElvis Jun 25 '17 at 23:32
  • Oh well. A simple source code change could probably add that feature, but looks like you got a better answer – paj28 Jun 26 '17 at 05:42

1 Answers1

3

This is definitely possible after a recent updates to both Mimikatz and Meterpreter. Please refer to the following links:

Good luck!

OJ.
  • 371
  • 1
  • 5