Meterpreter Kiwi plugin

The Meterpreter Kiwi plugin is an advanced post-exploitation tool within the Metasploit Framework, specifically designed for interacting with and extracting sensitive data from compromised Windows systems. Kiwi is an extension of the Meterpreter payload and incorporates features from Mimikatz, a well-known post-exploitation tool used for extracting passwords, hashes, and other credentials from Windows systems.

Migrate the current process into lsass.exe

migrate -N lsass.exe

Step 8: Load kiwi extension.

Command:

Step 9: Dump Administrator NTLM hash using Kiwi extension commands.

Command:

This revealed the flag to us:

Administrator User NTLM Hash: e3c61a68f1b89ee6c8ba9507378dc88d

Step10: Extract all the users NTLM hash using Kiwi.

Command:

This revealed another flag to us:

Student User NTLM Hash: bd4ca1fbe028f3c5066467a7f6a73b0b

Step 11: Find the syskey by dumping the LSA secrets.

Command:

This revealed another flag to us:

Syskey: 377af0de68bdc918d22c57a263d38326