Important Files

Administrators and Users have the habit of backing up important files and folders into their personal folders, thereby changing the access permissions and making it availble to other users. Here are a list of files that you can watch out for and use for Privilege Escalation.

SAM and SYSTEM

The SAM file is a database that contains the Microsoft Windows Operating System usernames and passwords. This contains only local user details and not Active Directory based users. The user passwords are hashed (NTLM) and stored in this file.

If this file is available to a user, then the user can download and extract the password hashes from this file.

The extraction of hashes can be carried out using either Samdump2 or Impacket-secretsdump.