Windows: NTLM Hash Cracking
overview
In this lab you will compromise a Windows server by exploiting a vulnerable network service, dump the NTLM password hashes stored on it, and crack those hashes. You will use Nmap to find and fingerprint the vulnerable service and Metasploit to exploit it, move into a privileged process, dump the hashes into the Metasploit database, and run a wordlist attack against them.
tasks
Lab Environment
In this lab environment, you will be provided with GUI access to a Kali machine. The target machine will be accessible at demo.ine.local.
Objective: Exploit a vulnerable Windows server, extract its NTLM hashes, and attempt to crack them.
Tools
The best tools for this lab are:
Nmap
msfconsole
solutions
Step 1: Open the lab link to access the Kali machine.

Step 2: Check if the target machine is reachable:
Command:

The target is reachable.
Step 3: Run an Nmap scan against the target machine.
Before we can dump any hashes from the Windows target, we need a session on it.
To get one, we first identify a vulnerable service running on the target. A service version detection scan with Nmap does this.
Command:
The scan shows that multiple ports are open. We run Nmap again with version detection against port 80 to identify the web server and its exact version.

Command:

Step 4: Search for an exploit for badblue 2.7 with searchsploit.
Command:

Step 5: searchsploit shows that a Metasploit module exists for the badblue server. We will use that module to exploit the target.
First, start the PostgreSQL database server so that msfconsole can connect to its database. The database is not needed for the exploit itself, but the later steps rely on it: the dumped hashes are stored there and the cracking module reads them from there.
Commands:

We have successfully exploited the badblue server and have a Meterpreter session on the target.
Step 6: Migrate the current process into lsass.exe. lsass.exe runs as SYSTEM and holds the credential material we want, so dumping hashes from inside it is reliable. Migrating into it is only possible if the session already runs with SYSTEM (or equivalent) privileges; if the exploited service runs as a low-privileged user, the migration fails with an access-denied error. Be careful with this process: if lsass.exe crashes, Windows reboots the machine and the session is lost.
Command:

Step 7: Dump NTLM hashes
Commands:

Step 8: Verify that the dumped hashes were stored in the MSF database.
Command:

Step 9: Use an auxiliary NTLM hash cracking module to crack the stored hashes. The module reads the hashes from the database and runs a wordlist attack against them with John the Ripper. NT hashes are unsalted, so each candidate password only has to be hashed once to be checked against every account, which is why weak passwords like these fall in seconds.
Commands:


The module reported the cracked credentials:
Administrator: password
bob: password1