On a penetration test, I have completely compromised a Linux machine and I am now trying to move around the network. The Linux machine has a mounted CIFS share, and I want to get the password used to connect to that share, because I think that password might be used elsewhere. My question is, where is the password or password hash stored for mounted CIFS shares? Is it in some process's memory, or in some hidden file somewhere? Is it even possible to retrieve the password used?

Bob
  • Are you familiar with [Samba](https://www.samba.org/)? You might want to look at its [source code](https://www.samba.org/samba/devel/) – CBHacking Sep 01 '21 at 00:39

0 Answers