Choose Cain's Cryptoanalysis Attack option
and then select HALFLM Hashes + Challenge | Via Rainbow Tables. As shown in Figure 4-5,
the rainbow table crack of a numeric-only password can be very fast.
Chapter 4: Using Metasploit
Figure 4-5 Cain rainbow crack
NOTE The chain length and chain count values passed to winrtgen may need
to be modified to successfully crack a specific password. Winrtgen will display
the probability of success. If 97 percent success probability is acceptable, you
can save quite a bit of disk space. If you require 100 percent success, use
longer chains or add more chains.
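The disk-space trade-off in the NOTE above can be estimated with the standard single-table success formula from Oechslin's rainbow-table paper. This is an added example, not code from the book or from winrtgen: the chain length and targets are constructed values, the 16 bytes per chain is an assumption based on the classic RainbowCrack .rt layout, and winrtgen's displayed figure may be computed differently.

```python
import math

def keyspace(charset_len, min_len, max_len):
    """Count candidate plaintexts for a charset over a length range."""
    return sum(charset_len ** n for n in range(min_len, max_len + 1))

def success_probability(n, chain_len, chain_count):
    """Estimated chance that one rainbow table covers a random plaintext.

    P = 1 - prod_{i=1..t} (1 - m_i/N), with m_1 = m and
    m_{i+1} = N * (1 - exp(-m_i/N)) modelling chains lost to merges.
    """
    m = float(min(chain_count, n))  # cannot have more distinct starts than N
    miss = 1.0
    for _ in range(chain_len):
        miss *= 1.0 - m / n
        m = n * (1.0 - math.exp(-m / n))
    return 1.0 - miss

def table_bytes(chain_count, bytes_per_chain=16):
    """Disk size, assuming 16 bytes (start + end point) per stored chain."""
    return chain_count * bytes_per_chain

def chains_needed(n, chain_len, target):
    """Smallest chain count reaching the target probability."""
    lo, hi = 1, 1
    while success_probability(n, chain_len, hi) < target:  # doubling phase
        lo, hi = hi, hi * 2
    while lo < hi:                                          # bisection phase
        mid = (lo + hi) // 2
        if success_probability(n, chain_len, mid) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo

if __name__ == "__main__":
    n = keyspace(10, 1, 7)  # numeric-only plaintexts of 1-7 chars (one LM half)
    for target in (0.97, 0.999):
        m = chains_needed(n, 2400, target)  # 2400: constructed chain length
        print(f"{target:.1%}: {m} chains, {table_bytes(m) / 1024:.0f} KiB")
```

The model only approaches 100 percent asymptotically, which is why the last fraction of a percent costs disproportionately more chains than the first 97.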
Using Metasploit to Auto-Attack
One of the coolest new Metasploit 3 features is db_autopwn. Imagine if you could just
point Metasploit at a range of hosts and it would "automagically" go compromise them
and return to you a tidy list of command prompts. That's basically how db_autopwn
works! The downside is that you'll need to get several moving parts all performing in
unison. Db_autopwn requires Ruby, RubyGems, a working database, nmap or Nessus,
and every binary referenced in each of those packages in the system path. It's quite a
shuffle just getting it all working.
Rather than giving the step-by-step here, we're going to defer the db_autopwn demo
until the next chapter, where it all comes for free on the Backtrack CD.