RE: Hacking a Network with Armitage 03-05-2013, 02:37 PM
#17
LOL, why does one even need Armitage?
What's the point of "Angry IP Scanner"?
Just find boxes on your network running Windows XP and pray for them to be vulnerable to windows/smb/ms08_067_netapi.
The best way would be to DNS spoof the whole network to a Java drive-by. Once you get a Meterpreter session with Metasploit, you could then pivot to try to get into the machines on the network, and start the attack from the first compromised machine.
A great way to pivot would be the pass-the-hash attack. Running hashdump will get the hashed password of the local administrator on that box, which is located in the SAM database.
Getting access to this hash, you could then use windows/smb/psexec to try to log in to the other systems with that hash (the hashes must be the same).
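Added example, not part of the original post: the hash reuse described above shows up on the receiving hosts as NTLM network logons (event 4624, type 3) by the built-in local Administrator (RID 500) coming from one source address, and this sketch flags that fan-out. The event records are constructed, and it assumes `Computer` holds the short host name; function names are illustrative.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def logon(time, host, src, pkg, sid, domain):
    """Build one parsed 4624 event using the event's own field names."""
    return {"EventID": 4624, "LogonType": 3, "time": time, "Computer": host,
            "IpAddress": src, "AuthenticationPackageName": pkg,
            "TargetUserSid": sid, "TargetDomainName": domain}

# Constructed sample events (hosts, addresses and SIDs are made up).
SAMPLE_EVENTS = [
    logon("2013-03-05T14:01:10", "WS-02", "10.0.0.23", "NTLM", "S-1-5-21-11-12-13-500", "WS-02"),
    logon("2013-03-05T14:02:40", "WS-03", "10.0.0.23", "NTLM", "S-1-5-21-21-22-23-500", "WS-03"),
    logon("2013-03-05T14:03:00", "FS-01", "10.0.0.50", "Kerberos", "S-1-5-21-91-92-93-1104", "CORP"),
    logon("2013-03-05T14:04:05", "WS-04", "10.0.0.23", "NTLM", "S-1-5-21-31-32-33-500", "WS-04"),
    logon("2013-03-05T16:30:00", "WS-05", "10.0.0.77", "NTLM", "S-1-5-21-41-42-43-500", "WS-05"),
]

def is_local_admin_ntlm_logon(ev):
    """Network logon (type 3) over NTLM by the built-in local Administrator."""
    return (ev["EventID"] == 4624 and ev["LogonType"] == 3
            and ev["AuthenticationPackageName"] == "NTLM"
            and ev["TargetUserSid"].endswith("-500")  # RID 500 = built-in Administrator
            # A local account's domain is the host itself; this excludes the domain RID 500.
            and ev["TargetDomainName"].upper() == ev["Computer"].upper())

def find_fanout(events, min_hosts=2, window=timedelta(minutes=10)):
    """Map source IP -> hosts it reached as local Administrator within one window."""
    by_src = defaultdict(list)
    for ev in events:
        if is_local_admin_ntlm_logon(ev):
            by_src[ev["IpAddress"]].append((datetime.fromisoformat(ev["time"]), ev["Computer"]))
    alerts = {}
    for src, hits in by_src.items():
        hits.sort()
        for start, _ in hits:
            hosts = {h for t, h in hits if timedelta(0) <= t - start <= window}
            if len(hosts) >= min_hosts:
                alerts[src] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    for src, hosts in find_fanout(SAMPLE_EVENTS).items():
        print(f"{src} used local Administrator over NTLM on: {', '.join(hosts)}")
```

The pattern only works for an intruder while every machine shares one local Administrator password, so per-host unique passwords (for example via LAPS) and blocking network logon for local accounts remove the condition the post depends on.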