CrackMapExec
Dumps credential hashes for offline cracking and is used to move laterally across the network; supports several protocols: smb, ssh, ldap, winrm, mssql, rdp, ftp;
--shares enumerates SMB shares and the READ/WRITE access the supplied credentials have on each;
--sessions lists active logon sessions on the target;
Get-Service (PowerShell, run on the target with -X) lists services, useful for checking whether antivirus is running on the target machine;
-M enum_avproducts shows details of the installed antivirus / endpoint protection products;
--sam dumps the local account hashes from the SAM (needs local admin on the host);
--kerberoasting <file> (ldap protocol) requests service tickets for accounts with SPNs and writes the TGS hashes to <file> for offline cracking;
Responder
A network infrastructure penetration testing tool for man-in-the-middle attacks on the local segment; poisons LLMNR/NBT-NS/mDNS name lookups so that hosts connect to it, then impersonates the requested service (not the user) with rogue servers for SMB, mssql, http, ldap, smtp, imap, dns, plus arp spoofing; the captured authentication attempts contain NetNTLM hashes that can be cracked offline;
Hashcat
Takes a file of hashes, a .txt password wordlist (e.g. rockyou) and a hash-type mode (-m) and cracks the hashes against the wordlist;
md5sum computes the MD5 hash of its input, printed as "<hash>  <filename>";
cut -d ' ' -f1 splits that output on the space and keeps only the hash field, so the hash file handed to hashcat contains just the hash;
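Worked example of the hash preparation above and of what a straight wordlist attack actually does, added here and not part of the original notes. It assumes GNU coreutils (md5sum, cut, mktemp); the wordlist and the "recovered" password are constructed for the demo, and hashcat itself is only invoked if it is installed.

```shell
#!/bin/sh
# Added example (not from the original notes).
# Prepare an MD5 hash for hashcat and mirror hashcat -m 0 -a 0 (raw MD5,
# straight wordlist) in plain shell so the mechanics are visible.

# MD5 of a string. md5sum prints "<hash>  -" for stdin input; cut -d ' ' -f1
# splits on the space and keeps field 1, i.e. only the hex hash.
md5_of() {
    printf '%s' "$1" | md5sum | cut -d ' ' -f1
}

# Straight dictionary attack: hash every candidate in the wordlist and compare
# it with the target. Prints the matching plaintext; returns 1 if no match.
# The "|| [ -n ... ]" keeps a last line that lacks a trailing newline.
crack_md5() {
    target="$1"
    wordlist="$2"
    while IFS= read -r candidate || [ -n "$candidate" ]; do
        if [ "$(md5_of "$candidate")" = "$target" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done < "$wordlist"
    return 1
}

demo() {
    work=$(mktemp -d)
    # Constructed wordlist standing in for rockyou.txt.
    printf '%s\n' letmein qwerty password123 dragon > "$work/wordlist.txt"
    # Constructed target: one hash per line, the format hashcat expects.
    md5_of 'password123' > "$work/hashes.txt"
    echo "hash file contains: $(cat "$work/hashes.txt")"
    echo "shell dictionary attack recovered: $(crack_md5 "$(cat "$work/hashes.txt")" "$work/wordlist.txt")"
    # The real tool: -m 0 = MD5, -a 0 = straight wordlist attack.
    if command -v hashcat >/dev/null 2>&1; then
        hashcat -m 0 -a 0 --potfile-disable --quiet "$work/hashes.txt" "$work/wordlist.txt"
    fi
    rm -rf "$work"
}

demo
```

Run it and compare the hash file line with the hashcat invocation: the only difference between the shell loop and hashcat is speed (GPU hashing, rules, masks), not the principle.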
John The Ripper
Can crack the passphrase on an encrypted SSH private key;
ssh2john converts the key file (e.g. id_rsa) into a John-format hash in a text file;
run john against that file with a wordlist (--wordlist=), then --show to print the recovered passphrase;
Hydra
Brute-forces passwords and login pages over many services (rdp, http and others); hydra substitutes each username and password candidate from the supplied wordlists (-L/-P, or -l/-p for a single value) into the login attempt for us, using the ^USER^ and ^PASS^ placeholders in http-post-form requests;
Bloodhound
Used to identify attack paths in Active Directory; fed with data from previous enumeration (collected with SharpHound etc.); shows the nodes in the network and the relationships between them, including group membership; shows user permissions and capabilities; suggests how to abuse each relationship; useful for deciding how to escalate privileges and which targets to go after; [WHEN INITIALISING IN DOCKER BE SURE TO GET THE INITIAL PASSWORD FROM THE TERMINAL OUTPUT, refer to tutorial]
Medusa
Uses per-service modules for specific ports; for password brute-forcing; can attempt logins against multiple hosts, multiple services and multiple passwords in parallel;
Burp Suite
Used for broken authentication attacks; intercepting web proxy: intercepts requests and responses, allows editing them before forwarding, saves and edits cookies; practise on Mutillidae (a deliberately vulnerable web app) or Metasploitable;