laker8133, posted November 25, 2006

I am currently taking Computer Security and Investigations at Fleming College. We have a penetration course in which you have to hack into a remote machine and crack the SAM file. With the help of nmap we are able to find the computers in the lab, and Metasploit helps us exploit them. We normally use Backtrack, Auditor. My question to you guys is: with the USB hacksaw stuff coming out, locally cracking a host machine, would it be possible, using nmap as well, to modify the hacksaw so that you can get all the SAM files in the same subnet? I do realize that there are versions of Nmap for the U3, and the Metasploit framework is made for Windows as well.

Thanks for taking the time to answer my question.

Paul
DLSS, posted November 25, 2006

Wow, ok, so first of all, what are the minimum requirements for the course? (I am currently doing (5th year) kantoor, in 2 years elab, and thinking about continuing studies... originally did commerce but flunked for French...) Anyway, seeing nmap is a command-line application, I presume you'll be able to make a batch script to pass commands to it.... Metasploit, however, I have my doubts about; I know there is some batch functionality but.... aww hell, the other guys here can help you further and give some better advice.... The key with the hacksaw and switchblade is just linking stuff up with batch and VBS scripts, so if this can be done with Metasploit and nmap then they can be used in a switchblade / hacksaw.

Greets, DLSS

(my bet for person with best advice is VAKO :P)
laker8133 (author), posted November 26, 2006

Basically the targets are pretty simple Win 2k boxes and 1 Linux box. Again, supposed to crack the password. The Metasploit lsass exploit and win_reverse or win_reverse_vnc_inject works. That much I know. Well, any how-to guides or any pointers in the right direction would be nice. I have the Memorex U3 travel drive and I'm willing to experiment.

Thanks

Paul
majk, posted November 26, 2006

> Basically the targets are pretty simple Win 2k boxes and 1 Linux box. Again, supposed to crack the password. The Metasploit lsass exploit and win_reverse or win_reverse_vnc_inject works. That much I know. Well, any how-to guides or any pointers in the right direction would be nice. I have the Memorex U3 travel drive and I'm willing to experiment. Thanks, Paul

I'm sure it could be done. Just use Nmap to scan and save the results in a file, then use Metasploit to exploit the hosts you want and retrieve the SAM file, maybe sending an FTP upload command as the payload. You can't really use win32_reverse or win_reverse_vnc_inject if you want to automate it. I'd go for a simple command as the payload instead.

EDIT: Forget about FTP. I just realized it was the SAM file you're after; you can't copy the SAM file like that. No, you'd have to upload a program like pwdump2, dump the hashes and then get them back to your computer. I guess you could use win32_exec to do all that, using FTP, TFTP or whatever tools you have available. I know meterpreter can dump the hashes too, but I'm not sure it can be automated.

EDIT2: Or how about using win32_adduser, adding a new user and then using pwdump4 or whatever version supports dumping the hashes over the network with the user and pass from your new user. There are definitely ways you can do this; just experiment some and learn about the tools and you should be able to do it.
laker8133 (author), posted November 26, 2006

You can copy out the SAM file directly. It's saved under Windows/system32/restore. That's a backup in case the current one has issues. Anyways, just trying to get some ideas. Basically, pentesting is cool and all, I just wish I could go automatically. I will try some of the things you guys talk about Monday, as it will be a fun time to try it :D

Thanks for the advice. All advice is welcomed.
majk, posted November 26, 2006

> You can copy out the SAM file directly. It's saved under Windows/system32/restore. That's a backup in case the current one has issues. Anyways, just trying to get some ideas. Basically, pentesting is cool and all, I just wish I could go automatically. I will try some of the things you guys talk about Monday, as it will be a fun time to try it :D Thanks for the advice. All advice is welcomed.

Yeah, you can, but as far as I have seen that backup SAM file is usually much smaller and doesn't contain the same data as the original SAM file. And in fact, looking at my own computer, there's not even a SAM file in the restore folder at all. But that's just what I've experienced.
Spartain X, posted November 29, 2006

> Basically the targets are pretty simple Win 2k boxes and 1 Linux box. Again, supposed to crack the password. The Metasploit lsass exploit and win_reverse or win_reverse_vnc_inject works. That much I know. Well, any how-to guides or any pointers in the right direction would be nice. I have the Memorex U3 travel drive and I'm willing to experiment. Thanks, Paul

Dude, learn to use the meterpreter; it's the most powerful payload. But for quick work the VNC payload is good.
majk, posted November 29, 2006

> Basically the targets are pretty simple Win 2k boxes and 1 Linux box. Again, supposed to crack the password. The Metasploit lsass exploit and win_reverse or win_reverse_vnc_inject works. That much I know. Well, any how-to guides or any pointers in the right direction would be nice. I have the Memorex U3 travel drive and I'm willing to experiment. Thanks, Paul

> Dude, learn to use the meterpreter; it's the most powerful payload. But for quick work the VNC payload is good.

Meterpreter is great; like I said before, you can dump the hashes right from it and much more. But can you automate/script it? Not as far as I know.