
Hack Windows PC to Get Windows Password NTLMv2 Hash

In this article Masschelein Steven shows how to hack a Windows PC by backdooring it to get the NTLMv2 hash and then the Windows password. Masschelein wrote the following description of this vulnerability and exploit:



I’ve made this article because some of my coworkers don’t realize how much harm you can do if you crack the wireless network.


I’ve made this article a long time ago but since the recent update to Kali 2.0 I’ve had to make some changes. You now can execute it in 2 ways. I prefer the second way, from point 4.


The basics are: I’ve made a VBS script that calls netcat and makes a backdoor on a victim PC. I’ve masked the netcat exe and the VBS script by making an executable file. I’m doing a man-in-the-middle attack with mitmf and using BeEF to hook the victim's browser. If we get a hooked browser then we send the executable through a fake notification bar. If the victim then executes the executable we now have a netcat backdoor.


The second attack is based on the same principle: do a man-in-the-middle attack with mitmf and send an executable with BeEF. This time it’s a little different. I’ve had to tweak the Python script from mitmf so that the Samba server doesn’t start. I’ve made a share on my attacker machine that grants everyone access to that share, then we start Wireshark to get the NTLMv2 hash. Then once again the victim browses the network and we send a fake notification bar. The victim runs our exe and we have once again a netcat backdoor. Then we make a network share to our shared folder via the command prompt we got. Then we stop the Wireshark capture. We make a new folder in the %APPDATA% folder to copy our second executable file that we have placed in our shared folder. Then if the file is copied we get in auto-start on startup so that we have a persistent backdoor. As last attack we connect to our network share, we execute the program procdump so that we have a memory dump of LSASS, and disconnect the network drive.


Then we load the mini-dump in mimikatz and we have the plaintext password.


We also can get the NTLMv2 hash from Wireshark, which is also explained in the document.


I’ve tried to make it as short as possible. If you have any questions about it or if something isn’t clear feel free to contact me.


It’s possible that there are some spelling errors; my native language is Dutch :).
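
For defenders, the chain described above leaves a recognisable process-creation trail. The following is an added example, not part of the original submission or its PDF: a small correlator that tags each stage the description names (script host starting netcat, netcat spawning a shell, a share mapped from that shell, procdump pointed at LSASS) and alerts per host. The record layout, host names, addresses and rule names are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed process-creation records: (host, parent image, image, command line).
# The record layout and every value are invented for this example.
EVENTS = [
    ("WS01", "explorer.exe", "chrome.exe", r"chrome.exe"),
    ("WS01", "wscript.exe", "nc.exe", r"nc.exe"),
    ("WS01", "nc.exe", "cmd.exe", r"cmd.exe"),
    ("WS01", "cmd.exe", "net.exe", r"net use Z: \\10.0.0.5\share"),
    ("WS01", "cmd.exe", "procdump.exe", r"Z:\procdump.exe lsass.exe C:\Temp\l.dmp"),
    ("WS02", "cmd.exe", "net.exe", r"net use H: \\fileserver\home"),
    ("WS02", "explorer.exe", "notepad.exe", r"notepad.exe notes.txt"),
]

NETCAT = {"nc.exe", "ncat.exe", "netcat.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

# One predicate per stage of the chain; arguments are (parent, image, cmdline).
# Matching on file names misses renamed binaries, so treat these as a baseline.
RULES = {
    "script_host_spawns_netcat": lambda p, i, c: p in SCRIPT_HOSTS and i in NETCAT,
    "netcat_spawns_shell": lambda p, i, c: p in NETCAT and i in SHELLS,
    "share_mapped_from_shell": lambda p, i, c: (
        p in SHELLS and i == "net.exe" and bool(re.search(r"\buse\b.*\\\\", c, re.I))),
    "procdump_targets_lsass": lambda p, i, c: (
        i.startswith("procdump") and "lsass" in c.lower()),
}

def stages_by_host(events):
    """Return {host: [stage names in order first seen]}."""
    seen = defaultdict(list)
    for host, parent, image, cmdline in events:
        p, i = parent.lower(), image.lower()
        for name, rule in RULES.items():
            if rule(p, i, cmdline) and name not in seen[host]:
                seen[host].append(name)
    return dict(seen)

def alerts(events, min_stages=2):
    """Alert on an LSASS dump alone, or on several stages on one host."""
    return {h: s for h, s in stages_by_host(events).items()
            if "procdump_targets_lsass" in s or len(s) >= min_stages}

if __name__ == "__main__":
    for host, stages in alerts(EVENTS).items():
        print(host, "->", ", ".join(stages))
```

WS02 maps a share from a shell but shows no other stage, so it is recorded without raising an alert; correlating per host is what keeps routine drive mappings from drowning out the real chain on WS01.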




> This is a user submitted post that explains in great length on backdooring a PC and getting Windows password & NTLMv2 hash. If you are interested, download a copy of the PDF file for reference from the link below. Submission details added in the next section.


Netcat backdoor and NTLMv2 hash

Submitter Name: Masschelein Steven


Email Address: removed@somedomain


Headline: Backdooring a PC and getting Windows password & NTLMv2 hash


URL: https://dl.dropboxusercontent.com/u/106999929/Netcat%20backdoor%20and%20NTLMv2%20hash.pdf


VirusScan results:


https://www.virustotal.com/en/file/4b406ab07f2ab43c9eec16475aee4ad3010446709f4ceea74353b76cbbdc36fe/analysis/1441285313/


Feel free to double-check before downloading this file. You can submit your own articles via Submit Articles section.

