if you remember from our service is
we should weigh should recall that we had DNC running here. So there it is.
Any credentials which I've captured again will be shown here these air from the post crushed shell that I re established earlier.
So as I was saying it will it will put these in the database as they are captured shows where they came from,
which service that was running.
And because I did the hash dump with post dress. I also grabbed that.
We see that it's an MD five hash.
We have a scanner for this.
So let me do a search
for being see you see how many things we get? Quite a few,
Let me do a search force
scanner, BNC, see if that works. There we go.
All right, So notice that I can I don't need double quotes. I can just use a slash because I know it's a scanner that I want. And I remember that there's one for BNC, so that gives me a nice little short. Got to be able to do in that format,
s so we're gonna first try
looks for avian C configuration that has a
hasn't had the password set.
That would be a huge
benefit for the Manchester
V. NC Connection is much like a remote desktop connection.
let's go ahead on. Specify this.
Look at her options.
Our host is already sat remote. Port looks correct,
let's go ahead and run the exploit.
So it found protocol. Version three Come on, four
It looks like it did not find a bowling password, but it might have, so that was worth worth checking again. We're going for the list of service is
trying methodically to identify areas where we think
we might be able to gain access to a system.
We've already shown a couple ways to get into this system, but we want to try some various options in order to fully explore are available