Day 6

Day 6
- .21 was easiest system to access
  - there's always one like that, unpatched
  - dump pwd hashes, crack
  - kim and john pwds
  - ssh to ther systems
  - kim gives you root on .23
  - scp to 24 as lara
  - local priv excalation
  - remember to use sniffer as well as nmap, nessus to find open ports
- getting onto 22 is difficult
  - smbclient over from 21
    - mount c$ on 22
  - need pwhashes
  - use netsh to open up hole in firewall on 22
  - windows running fgdump against our linux
  - our linux relays to .24
    - need to open up firewall to allow this
  - .24 relays to .22
- attack map