CREDENTIAL HARVESTING FROM INTERNAL DATABASE

[lasie]

Hi pros, I recently got a Lan Turtle for doing a pentest against my network. My  purpose is to be able to remotely login to my network and be able to access the user database to see all usernames and passwords. I am not quite sure of which exploit to use in achieving this. Any help please.

[lasie]

Hi, anyone assistance, guys?

[TheZeal0t]

What precisely do you mean by "user database"?  Are you talking about recovering password hashes for users from Windows machines?  Linux?  Mac OS X?  Or from an actual database?

To get password hashes for the OS, you have to have Administrator (Windows) or root (Linux / Mac OS X) permissions.  Windows password hashes reside in the Security Account Manager file (SAM file... and that is its name), or /etc/shadow on Linux / Mac OS X.

Which exploit you will use to get Administrator or root will depend on a huge number of factors, including:

1. How well is the system defended?
2. How strong are the passwords?
3. What services / ports are active and listening?
4. Are any applications running as NT Authority\SYSTEM or root?
5. Is anyone dumb enough to tell you their credentials over the phone, in response to an email, or on a fake credential-harvesting web site?

[m40295]

https://en.m.wikipedia.org/wiki/ARP_spoofing

https://en.m.wikipedia.org/wiki/Ettercap_(software)

http://smwiki2014.wikidot.com/wiki:password-sniffing-using-ettercap

3 quick searches   lots to read for ya   but this should get you started 

Note. this will not work on https  just http

Good luck     

Edited January 10, 2019 by m40295
Added http only line