ENUMERATION
NMAP
WEB
I login as guest
I see this messages talking about problems with cisco router
If you click in Attachment you can see intersting things:
I copy and save this to my machine and i clone this repository to deecrypt cisco passwords:
https://github.com/theevilbit/ciscot7
I crack very easy the passwords:
This are the credentials:
I create users.txt file with hazard (user from forum) admin (file) rout3r (file)
And i create a passwords.txt witw both cracked passwords
Password Spryng:
0 results...
I go back to Hazard file and i see other hash:
I try to crack it:
Perfect, now i put in passwords file and i try other Password Sprying:
PERFECT!! I have credentials!
I try crackmapexec to test winrm to access to victim local machine bur anytthing:
New Resources:
I can't access to RPC
But i have Read Permisions in IPC$ share smb resource
I can enumerate users with lookupsid.py from impacket python library
I do this regular expresion to save users in users.txt file:
I try other password spying and...
I have credentials to Chase user:
I can access with evil-winrm to victim machine!
I find this processes for firefox
I try to use procdump for 64 bits
I download from here: https://docs.microsoft.com/en-us/sysinternals/downloads/procdump
I upload to victim machine
I search firefox process:
I have dumped
I start to download this to my kali machine.
I do strings and i found password:
I have admin Creds!!
PWNED!!
THANKS!
Video for this in this youtube channel: