# Hints
# Finding credentials in plaintext
What type of information do you want to find? Where might an admin save their passwords?
### How to Extract Hashes and Bruteforce Them with Hashcat (Using rockyou.txt)
Sometimes you need to change the hash format. Compare it against the "example hashes" page on the hashcat site (just google it).
---
#### 1. ZIP Archives
```bash
zip2hashcat.py archive.zip > zip.hash
hashcat -m 13600 -a 0 zip.hash /usr/share/wordlists/rockyou.txt.gz
```
#### 2. 7z Archives
```bash
7z2hashcat.py archive.7z > 7z.hash
hashcat -m 11600 -a 0 7z.hash /usr/share/wordlists/rockyou.txt.gz
```
#### 3. RAR Archives
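```bash
rar2hashcat.py archive.rar > rar3.hash
# RAR3 (-hp) hashes use mode 12500
hashcat -m 12500 -a 0 rar3.hash /usr/share/wordlists/rockyou.txt.gz
# RAR5 hashes use mode 13000 (rar5.hash is extracted the same way from a RAR5 archive)
hashcat -m 13000 -a 0 rar5.hash /usr/share/wordlists/rockyou.txt.gz
```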
#### 4. KeePass Databases (1.x and 2.x)
```bash
keepass2john database.kdbx > keepass.hash
hashcat -m 13400 -a 0 keepass.hash /usr/share/wordlists/rockyou.txt.gz
```
<br><br><br>
# Dump LSASS process in Windows
1. Can you upload some interesting tool with kiwi inside to the machine?
2. Or maybe dump some interesting registry hive?
<br><br><br><br><br><br>
# MSI Install
https://labs.cyber-ed.ru/group/119/task/20
1. Can you check some interesting registry hive?
2. How can you abuse it?
3. Generate what you need with msfvenom.
4. Run it inside the RDP session.
<br><br><br><br><br><br>
# Dump credentials from SAM and system database
https://labs.cyber-ed.ru/group/119/task/402
1. Check whether you have SeBackupPrivilege.
2. If you have it and it is enabled, can you abuse it with some code from GitHub? If you have it but it is disabled, can you enable it?
3. Dump what you need and parse it.
<br><br><br><br><br><br>
# PrintNightmare
https://labs.cyber-ed.ru/group/119/task/341
1. Check whether you have access to RPC.
2. Generate a DLL with msfvenom.
3. Start an SMB share with `sudo impacket-smbserver Share . -smb2support`.
4. Run the exploit with `printnightmare.py`.
<br><br><br><br><br><br>
# Home tasks
## MSSQL abuse
https://labs.cyber-ed.ru/group/119/task/39
1. Can you brute-force the user for MSSQL?
2. MSSQL has some privileges. Can you check them?
## DLL hijacking
https://labs.cyber-ed.ru/group/119/task/409
1. Can you find a strange exe file? What happens if you run it?
## Impersonate user
https://labs.cyber-ed.ru/group/119/task/403
1. Do you like potatoes? Maybe hackers also like potatoes with privileges?
# Medium task with impersonation
https://labs.cyber-ed.ru/group/119/task/428
1. Can you find some credentials anywhere?