Capturing NTLM Hashes using Bettercap

Recently, during an engagement, while I was performing an internal network assessment, I figured out that Responder was not able to capture the hashes. Initially I thought that this might be due to some issue with the Responder configuration or the options that I was using. After fiddling with it for a while, I started searching the internet for ways to capture NTLM hashes. I found some good links on using Bettercap and thought of putting it down for my own reference.


Getting system access using malicious word file

Background

A Microsoft Office Word / WordPad remote code execution vulnerability allows a remote attacker to execute arbitrary code on the system. An attacker can send a specially crafted file that causes MS Word / WordPad to download a remote shell, giving the attacker access to the system. Once the attacker has control of the machine, he or she can install software, create a backdoor, view, modify or delete data, or create users with full permissions.
