I kept seeing this error in the SIEM and it was bugging me because I couldn't identify the source.  At first glance, I thought it was an attacker because that's just how my mind works but given that this bad password was hitting the logs every 30 minutes, I was thinking that it was the slowest brute force attack... ever.  And it was literally every 30 minutes.  A quick Google search uncovered this free tool which made it super easy to get to the source. 

This comes from PayloadAllTheThings on github and it's somewhat obsolete in that it does not seem to work on Windows 10.  That being said, older systems are still vulnerable to this attack and it's pretty amazing.  The situation is this -- you find an open and writable file share.  Our preference is that it's a server share but it can be any share or any folder even.  If it's a server share, it's going to rain hashes. 

We're going to open Notepad and we'll insert the following:

You might be wondering what I'm doing with a super easy, circa 2010, vulnerable machine.  Recently, someone pointed me to a new certification and the very first vulnerable system to exploit is this box.  It turns out that I've never rooted, or written up, this box but I was curious as to how the current version of myself would take on this box.  So that's basically what this is about.  Moving on...

The description states:  This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games are to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways then one to successfully complete the challenges.