Top
Search n00bz.net
  • South Florida Security Resources
    • HackMiami.org
      HackMiami is made up of information security professionals, hardware engineers, network administrators, students, and those who simply enjoy technology.
    • South Florida ISSA
      The Information Systems Security Association is, "the pre-eminent trusted global information security community".
  • PenTest Solutions
    • Rapid7 Metasploit Express
      Metasploit Express is an affordable, easy-to-use penetration testing solution that provides full network penetration testing capabilities, backed by the world’s largest, fully tested and integrated public database of exploits.
    • Core Impact PRO
      Core Impact is designed to evaluate the whole of the security in an office ecosystem. It allows the user to probe for and exploit security vulnerabilities in computer networks, endpoints and web applications.
« Free In-Flight WiFi | Main | Microsoft Kinect Hacked? Already?! »
Wednesday
Nov102010

Metasploit Pro PWDump Report

DateWednesday, November 10, 2010 at 4:22PM

I have been testing Rapid7's new Metasploit Pro product.  While I am finishing up the review, you can check here for the HackMiami review of Metasploit Express.

Added to the features are VPN pivoting and 2 new attack vectors of Web Attacks and Social Engineering. 

On Nov 2nd, HD had a webcast to showcase the new features of Pro.  One of the questions received was about taking the hashes collected and converting them into plain text passwords.  HD said that in the next update, one could export data that had been looted to a PWDump format.

While at a client site last week, I got an opportunity to use this feature.  It is quite simple. 

Step 1:

Under the Reports tab, Go down to Generated Reports and select Generate a Report.

Under the Report Format Select PWDump.

 

The output looks like this.

Running this through your favorite program (I like ophcrack) results in the plain-text passwords.

This is often helpful when explaining the risks to the non-technical company management.  Hashes may not mean anything to them.  It is often very effective when you ask if "Fluffy2010" is also their VPN, Facebook, and personal email password. 

 

Spoiler Alert:  It was!

 

 

Authorn00bz Network | CommentPost a Comment | Reference3 References |
tagged , in ,

References (3)

References allow you to track sources for this article, as well as articles that were written in response to this article.
  • Response
    Response: Cheap Panthers Jerseys
    at Cheap Panthers Jerseys on October 17, 2013
    NFL is genuinely 1 of the most significant sports in America. It has a significant following.
  • Response
    Response: hack facebook
    at hack facebook on October 19, 2013
    Metasploit Pro PWDump Report - Blog - n00bz Network
  • Response
    Response: minecraft crack
    at minecraft crack on November 17, 2013
    Metasploit Pro PWDump Report - Blog - n00bz Network

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Notify me of follow-up comments via email.