Hacking Notes
Hacking Notes
Hacking NotesOSINT
Hacking Notes
Hacking NotesOSINT
  • Red Team Operator
  • My Blog
  • General
    • Transferring Files
      • Serving Your Files
      • Transferring Files To Linux
      • Transferring Files To Windows
    • File Types
      • .vhd
    • Kali Linux General Configurations
  • OSINT
  • Enumeration
  • Web Applications
    • Web Vulnerabilities
      • Web App Red Team Checklist
      • SSRF (Server Side Request Forgery)
      • Blind Data Exfiltration via DNS
      • XSS
      • XXE
      • XPath Injection
    • APIs
      • Web API Indicators
      • Passive Reconnaissance
      • Active API Reconnaissance
  • Active Directory
    • Wireless Pentesting
  • Report Writing
    • Wireless Pentesting
Powered by GitBook
On this page
  • Viewing Files
  • Mounting
  • Extracting Credentials

Was this helpful?

  1. General
  2. File Types

.vhd

What is a .vhd?

.vhd stands for virtual hard disk. A virtual hard disk (VHD) is a disk image file format for storing the entire contents of a computer's hard drive.

Viewing Files

7z l filename.vhd

using 7zip you can quickly look at the file structure of the virtual hard drive. This is useful to see if there are any important files or directories you should explore further. You can also replace the l option with x to extract instead of view.

Mounting

guestmount --add filename.vhd --inspector --ro /directory/to/mount/to

The guestmount tool allows you to mount the virtual hard drive and explore the file system normally. The --ro flag stands for read only, so you will have to copy the files elsewhere to make changes. Add the -v flag for verbose output.

Mounting a virtual hard disk can take upwards of a few minutes.

Extracting Credentials

Files to look for, besides non-standard:

C:\Windows\System32\config\SAM
C:\Windows\System32\config\SYSTEM
C:\Windows\NTDS\ntds.dit // Only on Domain Controller

To extract the credentials, copy the files with:

 cp SAM SYSTEM /local/directory

Use impacket to dump secrets. Exclude ntds.dit if you do not have it.

impacket-secretsdump -sam SAM -system SYSTEM -ntds NTDS.DIT local

This is not every important default file on a .vhd, just the ones I have run into on engagements. Always be on the lookout for non-standard files and directories.

PreviousFile TypesNextKali Linux General Configurations

Last updated 8 months ago

Page cover image