Ramblings of a NetSec addict
Windows remote desktop is a commonly used protocol throughout many networks. It provides remote access to windows machines when enabled.
Tool
rdesktop
Basic Syntax
rdesktop -u <username> -p <password> <ip address> -g <percentage / resolution></percentage></ip></password></username> |
rdesktop -u <username> -p <password> <ip address> -g <percentage / resolution></percentage></ip></password></username>
A heap of simple linux commands that may prove useful to do basic things.
Requesting a DHCP IP Address
dhclient <interface></interface> |
dhclient <interface></interface>
Setting a Static IP Address
ifconfig <interface> <ip address>/<cidr> route add default gw <gateway IP Address> echo nameserver <nameserver / Gateway IP Address> > /etc/resolv.conf</nameserver></gateway></cidr></ip></interface> |
ifconfig <interface> <ip address>/<cidr> route add default gw <gateway IP Address> echo nameserver <nameserver / Gateway IP Address> > /etc/resolv.conf</nameserver></gateway></cidr></ip></interface>
Check Who You Are
echo %USERDOMAIN%\%USERNAME whoami |
echo %USERDOMAIN%\%USERNAME whoami
Check Windows Version
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" |
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
Add a User
net user <username> <password> /add</password></username> |
net user <username> <password> /add</password></username>
Sometimes you obtain passwords that are in a hashed form. Due to the mathematical properties of (secure) hashes there are limited ways of recovering the plain text. Primarily this will be through brute force, or alternatively using word lists. oclHashcat is a fantastic hash cracking tool that takes advantage of your GPU to dramatically ramp up your hash calculating (and hence cracking) ability. For a dictionary attack the hash of each word in the dictionary is calculated and compared against your target hash. If the hashes match clearly the original value of the target must have been the same, hence the password is revealed. If the hash does not match the next word is calculated until the list is exhausted. Word lists have the advantage of being a lot higher more likely to contain the password (passwords are usually derived from humans), so your limited computing power is more targeted with a word list. The downside is that if the word is not in the list the hash will not be broken. Brute force attacks alternatively will always eventually get the hash value, but typically it takes so long to cycle through possible values it’s infeasible. (Hint: Calculate how many combinations can be made with 8 characters of numbers / upper / lower characters. How long would it take to cycle through all of these if we were guessing at 1 million guesses a second?)
[Read more…]
Often when you wish to crack a hash you need to identify what type of has it is so you can successfully configure oclHashcat or your favorite cracking tool. Hash-identifier is a nifty tool built into Kali which will allow you to print out the most likely hash format.
[Read more…]