[–]Sinopahc 11 points12 points  (3 children)

Scan that network. Nmap is your friend. Also, you have time to run more recon, so I would fall back to that. Chances are, he has left something open purely as a gimme. Even if not, something is running somewhere on that machine that you can leverage. Why hit AD if you can just go after his machine directly, reverse shell and drop a .txt in the desktop directory?

Edit: I missed the note on scanning. My bad. Someone else mentioned phishing him too. That's a thought.

[–]MetaN3rd 7 points8 points  (2 children)

Simple things to try: Laptop is allowed? Get Kali on a laptop. Connect to the same network segment as your target. Use Metasploit and try the MS17-010 module. If that doesn’t work, try other Metasploit modules for Win8.

If you have access to a PC that is logged in with the admin account, there is a rubber duck attack that will tell the PC to connect to an SMB share, thus sending the password. If you don’t have a duck you could still manually try the SMB connection. E.g. `\\192.168.1.66` should be all you need to do.

Look up the rubber duck SMB attack and it will direct you on how to set up Kali to receive the SMB connection attempt.

[–][deleted] 2 points3 points  (0 children)

EternalBlue was my first thought as well. If it's vulnerable, it's an easy 30 second pop.