Let’s talk about the hash crack through post / hashdump and john (john the ripper) of the Metasploit module. Once the meterpreter shell is injected and driven into the target pc, the shell connection is maintained.

  1. Get meterpreter sessionscreenshot-from-2016-11-10-16-04-51
  2. Privilege escalation
  3.  Use post/windows/gather/hashdump module
  4. Since the dump file is still in memory, it can work with john the ripper module.use auxiliary/analyze/jtr_crack_fast