lasie Posted January 1, 2019 Share Posted January 1, 2019 Hi pros, I recently got a Lan Turtle for doing a pentest against my network. My purpose is to be able to remotely login to my network and be able to access the user database to see all usernames and passwords. I am not quite sure of which exploit to use in achieving this. Any help please. Link to comment Share on other sites More sharing options...
lasie Posted January 1, 2019 Author Share Posted January 1, 2019 Hi, anyone assistance, guys? Link to comment Share on other sites More sharing options...
TheZeal0t Posted January 4, 2019 Share Posted January 4, 2019 What precisely do you mean by "user database"? Are you talking about recovering password hashes for users from Windows machines? Linux? Mac OS X? Or from an actual database? To get password hashes for the OS, you have to have Administrator (Windows) or root (Linux / Mac OS X) permissions. Windows password hashes reside in the Security Account Manager file (SAM file... and that is its name), or /etc/shadow on Linux / Mac OS X. Which exploit you will use to get Administrator or root will depend on a huge number of factors, including: How well is the system defended? How strong are the passwords? What services / ports are active and listening? Are any applications running as NT Authority\SYSTEM or root? Is anyone dumb enough to tell you their credentials over the phone, in response to an email, or on a fake credential-harvesting web site? Link to comment Share on other sites More sharing options...
m40295 Posted January 10, 2019 Share Posted January 10, 2019 https://en.m.wikipedia.org/wiki/ARP_spoofing https://en.m.wikipedia.org/wiki/Ettercap_(software) http://smwiki2014.wikidot.com/wiki:password-sniffing-using-ettercap 3 quick searches lots to read for ya but this should get you started Note. this will not work on https just http Good luck Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.