7MS #401: Tales of Internal Pentest Pwnage - Part 15
7 Minute Security, 21 February 2020

It's episode 401 and we're having fun, right? Some things we cover today:

  • The DIY Pwnagotchi evening will be offered in webinar format on Tuesday, March 10 at 10 a.m.

  • A quick house fire update - we're closer to demolition now!

  • I finally got a new guitar!

Besides that, I've got a wonderful tale of pentest pwnage for you. Warning: this is a TBC (to be continued) episode in that I don't even know how it will shake out. I'm honestly not sure if we'll get DA! Here are the highlights:

  • I think in the past I might've said unauthenticated Nessus scans weren't worth much, but this test changed my mind.

  • If you can't dump local hashes with CrackMapExec, try SecretsDump!

    ./secretsdump.py -target-ip {IP of target machine} localhost/{username}@{target IP}

  • If you're relaying net user commands (or just typing them from a relayed shell), this one-liner is a good way to quickly add your user to local admins and the Remote Desktop Users group:

    net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add

  • Trying to RDP into a box protected with Duo MFA? If you can edit the c:\windows\system32\drivers\etc\hosts file, you might be able to change the Duo authentication server from api-xxxxxxx.duosecurity.com to 127.0.0.1 and force authentication to fail open! Source: Pentest Partners

  • In general, keep an eye on CrackMapExec's output whenever you use the '-x' flag to run commands. If the system is "hanging" on a command for a while and then gives you NO output and just drops you back at your Kali prompt, the command might not be running at all due to something else on the system blocking your efforts.
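
For defenders, the hosts-file trick in the Duo bullet above leaves a checkable artifact. The following is an added example (not from the show notes or from Duo) that parses hosts file content and flags any entry pinning a duosecurity.com name; the function name, reason strings and sample data are assumptions made for illustration.

```python
import ipaddress

# Suffix of the Duo API hostname named in the show notes (api-xxxxxxx.duosecurity.com).
DUO_SUFFIX = ".duosecurity.com"

def find_duo_overrides(hosts_text):
    """Return (line_no, address, hostname, reason) for hosts entries that pin a Duo name."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments, whole-line or trailing
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:
            continue                            # address with no hostnames
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue                            # first field is not an IP address
        for name in names:
            host = name.lower().rstrip(".")     # hostnames are case-insensitive
            if host == DUO_SUFFIX[1:] or host.endswith(DUO_SUFFIX):
                if ip.is_loopback or ip.is_unspecified:
                    reason = "sinkholed to local host"
                elif ip.is_private:
                    reason = "redirected to private address"
                else:
                    reason = "pinned in hosts file"
                findings.append((line_no, address, host, reason))
    return findings

# Constructed sample hosts file content (not taken from any real system).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.0.0.5        fileserver.corp.example   # internal alias
127.0.0.1       api-xxxxxxx.duosecurity.com
#0.0.0.0        api-xxxxxxx.duosecurity.com
0.0.0.0 API-XXXXXXX.DuoSecurity.com. extra.example
"""

if __name__ == "__main__":
    for finding in find_duo_overrides(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Any hit is worth an alert, since a Duo API hostname has no ordinary reason to appear in a hosts file; pairing this with file-integrity monitoring on the hosts file catches the change when it is made.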

More on today's show notes at 7ms.us!
