Physical attacks at the console
In this section, we will explore different types of attack that are typically performed on a system where physical access is possible.
samdump2 and chntpw
One of the most popular ways to dump password hashes is to utilize samdump2. This can be done by turning on the power of the acquired system and then booting it through our Kali USB stick by making the required changes in the BIOS (say, in Lenovo, one can press F12 to bring up the boot menu and select the USB):
- Once the system is booted through Kali, by default the local hard drive must be mounted as a media drive (assuming the media drive is not encrypted with BitLocker or something similar), as shown in Figure 5.2:
Figure 5.2: All mounted disks on Kali Linux
- If the drive is not mounted by default, the attackers can manually mount the drive by running the following commands:
mkdir /mnt/target1 mount /dev/sda2 /mnt/target1 - Once the system...
