Hands-On Penetration Testing on Windows

Authentication capture

By Jove, we have a hit! The screen lights up with the captured authentication attempts:

We can open up our John capture file in nano to see the output formatted for cracking:

In this example, the target is sending us NTLMv1 credentials. Later in the book, we'll discuss downgrading security during post-exploitation on the compromised host so we can nab weak hashes.
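From the defender's side, the same weakness is visible in the Windows Security log: event 4624 records the negotiated NTLM version in its `LmPackageName` field. The following is an added example, not code from the book, that lists hosts still logging on with NTLMv1. It assumes the events were exported as XML and wrapped in a single `<Events>` root element; the sample events and all values in them are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Namespace used by Windows event XML.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: Security 4624 events as exported XML (all values made up).
_TEMPLATE = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    "<System><EventID>4624</EventID></System><EventData>"
    '<Data Name="TargetUserName">{0}</Data>'
    '<Data Name="WorkstationName">{1}</Data>'
    '<Data Name="IpAddress">{2}</Data>'
    '<Data Name="AuthenticationPackageName">{3}</Data>'
    '<Data Name="LmPackageName">{4}</Data>'
    "</EventData></Event>"
)
_ROWS = [
    ("scanner-svc", "PRINTER01", "192.0.2.40", "NTLM", "NTLM V1"),
    ("alice", "WKSTN07", "192.0.2.51", "NTLM", "NTLM V2"),
    ("bob", "WKSTN09", "192.0.2.52", "Kerberos", "-"),
    ("scanner-svc", "PRINTER01", "192.0.2.40", "NTLM", "NTLM V1"),
]
SAMPLE_EVENTS = "<Events>" + "".join(_TEMPLATE.format(*r) for r in _ROWS) + "</Events>"


def ntlmv1_logons(xml_text):
    """Return (workstation, ip, user) for every 4624 logon negotiated as NTLM V1."""
    hits = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4624":
            continue
        # Flatten <Data Name="..."> children into a dict for easy lookup.
        data = {d.get("Name"): (d.text or "") for d in ev.iterfind("e:EventData/e:Data", NS)}
        if data.get("LmPackageName", "").strip().upper() == "NTLM V1":
            hits.append((data.get("WorkstationName"), data.get("IpAddress"),
                         data.get("TargetUserName")))
    return hits


def sources_by_count(hits):
    """Rank (workstation, ip) pairs by how many NTLMv1 logons they produced."""
    return Counter((host, ip) for host, ip, _ in hits).most_common()


if __name__ == "__main__":
    for (host, ip), n in sources_by_count(ntlmv1_logons(SAMPLE_EVENTS)):
        print(f"{host} ({ip}): {n} NTLMv1 logon(s)")
```

Hosts that show up here are the ones to move to NTLMv2 or Kerberos before NTLMv1 is refused by policy.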

This attack worked, but there's one nagging problem with it: we had to trick the device into trying to authenticate with our Kali machine. With the printer, we had to modify its configuration, and a successful attack means lost data for the unsuspecting user, requiring our timing to be impeccable if we want the anomaly to be ignored. Let's examine another way to capture Windows authentication attempts – except this time, we're going to capture credentials while a system is looking for local shares.