Capturing Windows passwords on the network

In the Kali Linux world, there is more than one way to set up an SMB listener, but now's a good time to bring out the framework that needs no introduction: Metasploit. The Metasploit Framework will play a major role in attacks throughout the book, but here we'll simply set up a quick and easy way for any Windows box on the network to attempt a file- sharing connection.  

We start up the Metasploit console with:

# msfconsole

The Metasploit Framework comes with auxiliary modules – they aren't exploiters with payloads designed to get you shell, but they are wonderful sidekicks on a pen test as they can perform things such as fuzzing or, in our case here, server authentication captures. You can take the output from here and pass it right along to a cracker or to an exploit module to progress in your attack. To get a feel for the auxiliary modules available to you, you can type this command in the MSF prompt:

show auxiliary

We'll be using the SMB capture auxiliary module. Before we configure the listener, let's consider a real-world pen test scenario where this attack can be particularly useful.