In this section, we will explore different types of attack that are typically performed on a system with physical access.
Physical attacks at the console
samdump2 and chntpw
One of the most popular ways to dump password hashes is to utilize samdump2. This can be done by turning on the power of the acquired system and then booting it through our Kali USB stick by making the required changes in the BIOS.
- Once the system is booted through Kali, by default the local hard drive must be mounted as a media drive (assuming the media drive is not encrypted with PGP or similar), as shown in the following screenshot:
- If the drive is not mountable, the attackers can manually mount the drive by running the following...