To see if we are an admin, let’s try to view one of the admin shares (“C$”, or “ADMIN$”): We can see it completes successfully, so the credentials are good. In Windows, you can utilize the net use command with credentials to establish an SMB connection with a host: This is essentially what Metasploit’s module does. SMB LoginĪn easy way to test credentials is to try to initiate an SMB connection to the machine. This isn’t the best or stealthiest way to do it, but it’s easy to follow and understand. There’s a few ways you can test credentials against a machine from Windows, but for demonstration purposes I’m gonna use the basic net commands. ![]() In the previous post, I used Metasploit’s smb_login and CrackMapExec to test credentials on Windows machines and to see if the compromised account was a local Administrator on any of the machines. Testing Credentials and Exploring the Domain And as a reminder, we have recovered or cracked a single domain user’s account: It is not domain joined, it just sits on the same network. ![]() In this scenario, I have a Windows 7 machine (named ‘win7attack’) connected to the same internal network as the CSCOU.LAB domain. Hopefully this post will shed some light on PsExec by manually re-creating the technique using native Windows tools. A lot of pentesters (myself included) have used the psexec techniques extensively, but until recently I never fully understood what was going on under the hood. In this post I’m gonna explore the popular “PsExec” method (used in both Metasploit and Impacket). In this post, I’m going to delve a little bit into how those tools actually work by re-creating the techniques from a Windows machine.Īll of the tools mentioned in the previous post (psexec, wmiexec, etc) are essentially re-implementations of core Windows functionality, and every technique can be used natively from within Windows. ![]() ![]() In Part 1, I listed some common tools and techniques to use domain credentials to execute commands on Windows machines from Kali linux.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |