Passwords and Port Forwarding
plink.exe
Enumeration
Hunt for passwords in registry:
Look for internal open ports:
If we find a credential and internal open ports
Exploitation
On your attack machine, edit /etc/ssh/sshd_config
:

Restart SSH service:
Download plink.exe
to your attack machine:
Transfer plink.exe
to the victim machine:
On the victim machine, do port forwarding (suppose we want to forward port 445):
Press "Enter" a few times to get the output. Use winexe
to spawn a SYSTEM shell:
Lab: Hack The Box - Chatterbox
Last updated
Was this helpful?