Last week, team members picked an exploit for their penetration reports and worked on breaking into the system. Once you get in, you will need to work on password cracking and data exfiltration. Each red team member was assigned a different account and will crack a different password hash. In addition, each person on the team is responsible for extracting a different data artifact from the victim Metasploitable system.
If you are on Red Team #1 and are assigned Student #2, get the password hash for redteam1student2, and crack it using John the Ripper or other tool.
If you are on Red Team #1 and assigned Student #2, go into the redteam1 folder on the root directory on the victim machine. In that folder, you will find a folder called student2. There is a file called mypass.txt in that folder. Get the contents of the file from the victim out of the network and display it for the client to see. This mypass.txt file is part of the data exfiltration phase, not the password cracking/credential harvesting.
Continue to work together as a red team to make sure that everyone in your group can penetrate the system, locate and crack each password hash, and find the assigned data set and take it out of the network.
A true red “team” will leave no one behind and will make sure that all members of the team are successful.