AuthTools:NOTES

CrackMapExec

Dumps hashes for cracking and moves laterally across the network; various protocols: rdp, winrm, ldap, ssh, mssql, smb, ftp;

--shares enumerates shares to show accounts that are vulnerable;

--sessions shows active sessions

Get-Service (PowerShell) script to check whether antivirus is running on the target machine

enum_avproducts shows antivirus details

--sam dumps SAM hashes

--kerberoasting shows whether the target system is vulnerable to Kerberoasting

Responder

A network infrastructure penetration testing tool; a man-in-the-middle tool; intercepts requests and impersonates users; covers SMB, mssql, http, ldap, smtp, imap, dns and ARP spoofing; intercepted requests can contain hashes;

Hashcat

Utilises .txt password wordlists (libraries) and generic hash types to crack;

md5sum writes the hash

cut -d ' ' strips the extra characters from the hash output
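As an added example (not part of the original notes), a small shell helper that turns plaintexts into the bare-digest format hashcat expects for MD5 (mode 0), using the md5sum + cut step above; it also shows the pitfall of hashing with echo, whose trailing newline changes the digest. The function names are assumed, and the sample inputs are constructed.

```shell
# md5_for_hashcat: print only the 32-hex-char MD5 digest of a string.
# md5sum appends "  -" (the input name), which hashcat would reject;
# cut -d ' ' -f1 keeps just the first space-separated field.
# printf '%s' is used so that no newline is included in the hashed data.
md5_for_hashcat() {
    printf '%s' "$1" | md5sum | cut -d ' ' -f1
}

# md5_with_newline: the common mistake. echo adds "\n", so the digest is of
# "password\n", not "password", and a wordlist hit will never match it.
md5_with_newline() {
    echo "$1" | md5sum | cut -d ' ' -f1
}

# build_hashfile: read plaintexts from stdin, one per line, and emit one
# hashcat-ready digest per line (what you would save as hashes.txt).
build_hashfile() {
    while IFS= read -r pw; do
        md5_for_hashcat "$pw"
    done
}

# Demo with constructed sample input when run as: sh script.sh demo
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' hello password123 | build_hashfile
fi
```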

John The Ripper

Can crack SSH private key passwords;

ssh2john converts the RSA key into a txt file

Use wordlists

Hydra

Bruteforces passwords/login pages; rdp, http, etc.; hydra can replace the 'Admin' credential and 'Password' credential with wordlists for us;

Bloodhound

Used to identify vulnerabilities in AD; feed it data from previous enumeration (can use SharpHound etc.); can view network nodes and the relationships between them, and groups; shows user permissions and capabilities; suggests how to abuse vulnerabilities; useful for deciding how to escalate privileges and identifying targets; [WHEN INITIALISING IN DOCKER BE SURE TO GET THE INITIAL PASSWORD FROM THE TERMINAL OUTPUT, refer to tutorial]

Medusa

Uses modules for specific ports; for cracking passwords; can attempt to log in to multiple hosts, with multiple services, with multiple passwords at once;

Burp Suite

Broken authentication attacks; web intercept; proxy intercept; cookie saving and editing; request intercepts; use Mutillidae (hackable website) or Metasploitable to practise and explore;