looking at a little guide and wow
metasploit and nessus really make this stuff look far too easy
@KitRedgrave the real trick is figuring out how the tools work well enough that you still know what to do when they fail, because they will fail on you. I’ve gotten to the point that I can fully compromise a Windows domain without using Metasploit at all, just Responder, hashcat, impacket, and mimikatz. The main value of Metasploit to me is that meterpreter makes post-exploitation a lot easier.
@KitRedgrave I mean knowing Linux is great, makes things easier once you compromise those servers, but most corporations have their auth centered around Windows workstations controlled by Active Directory, so you’ll want to know how to break that too.
@packetcharmer yeah. gotta go find a ctf or lab that has that, or maybe it's part of pwk