7MS #420: Tales of Internal Pentest Pwnage - Part 17
7 Minute Security26 Kesä 2020

7MS #420: Tales of Internal Pentest Pwnage - Part 17

Today's episode is a fun tale of pentest pwnage! Interestingly, to me this pentest had a ton of time-sponging issues on the front end, but the TTDA (Time to Domain Admin) was maybe my fastest ever.

I had to actually roll a fresh Kali VM to upload to the customer site, and I learned (the hard way) to make that VM disk as lean as possible. I got away with a 15 gig drive, and the OS+tools+updates took up about 12 gig.

One of the biggest lessons I learned from this experience is to make sure that not only is your Kali box updated before you take it to a customer site (see this script), but you should make sure you install all the tool dependencies beforehand as well (specifically, Eyewitness, Impacket and MITM6).

This pentest was also extremely time-boxed, so I tried to get as much bang out of it as possible. This included:

  • Capturing hashes with Responder
  • Checking for "Kerberoastable" accounts (GetUserSPNs.py -request -dc-ip x.x.x.x domain/user)
  • Check for MS14-025 (see this article)
  • Check for MS17-010 (nmap -Pn -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010 192.168.0.0/24 -oA vulnerable-2-eblue) and try this method of exploiting it
  • Check for DNS zone transfer (dnsrecon -d name.of.fqdn -t axf)
  • Test for egress filtering of ports 1-1024
  • Took a backup of AD "the Microsoft way" and then cracked with secretsdump:

sudo python ./secretsdump.py -ntds /loot/Active\ Directory/ntds.dit -system /loot/registry/SYSTEM -hashes lmhash:nthash LOCAL -outputfile /loot/ad-pw-dump

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(731)

7MS #731: CARTP – Cloud Red Team Tactics for Attacking and Defending Azure – THE FINAL CHAPTER!

7MS #731: CARTP – Cloud Red Team Tactics for Attacking and Defending Azure – THE FINAL CHAPTER!

Hey friends! Fair warning: today's episode is a bit of an emotional rollercoaster — we've got a big security win, some honest lab feedback, and a very personal share about my dad's funeral. Buckle up....

17 Heinä 53min

7MS #730: Baby's First Project Swarm

7MS #730: Baby's First Project Swarm

Hey friends! Still your grieving pal over here, but also your swarming friend and Protecting My Network Edge host — because this week I've been tinkering with something called Project Swarm and I've g...

10 Heinä 25min

7MS #729: Pwning Dracarys

7MS #729: Pwning Dracarys

Hey friends! Still your grieving pal over here, but also your happy hacking host — because today we're diving into baby's first Dracarys! (Yes, I'm probably pronouncing that wrong. Yes, I'm going to k...

4 Heinä 18min

7MS #728: Securing Your Family During and After a Disaster – Part 8

7MS #728: Securing Your Family During and After a Disaster – Part 8

Hey friends! This is a tough one to write. My dad passed away on Friday, and instead of the hacker-y tech episode I had planned, I pivoted to something more personal — another installment of our "Secu...

30 Kesä 38min

7MS #727: Securing Your Mental Health – Part 7

7MS #727: Securing Your Mental Health – Part 7

Hello friends! It's been over a year since we did a dedicated mental health episode, so today I'm doing a big catch-up and running through my 7-point plan for being a more mentally secure me. None of ...

19 Kesä 21min

7MS #726: Baby's First Hermes

7MS #726: Baby's First Hermes

Hello friends! I've been on a bit of an AI agent journey lately, and today I'm sharing my experience ditching OpenClaw and going all-in on Hermes — a self-hosted AI agent built by Nous Research. A Net...

12 Kesä 22min

7MS #725: Building a Bulletproof Backup Solution

7MS #725: Building a Bulletproof Backup Solution

Hey friends! Backups are not as cool as pentesting, but boy do they matter when things go sideways. This week I'm sharing how a Proxmox backup disk space meltdown led me to a completely overhauled — a...

5 Kesä 21min

7MS #724: Tales of Pentest Pwnage - Part 85

7MS #724: Tales of Pentest Pwnage - Part 85

Hey friends! Today we're going deep on external network pentesting — something I realize we've barely touched in however many episodes we've done. I'm currently in a long stretch of back-to-back exter...

29 Touko 30min

Suosittua kategoriassa Politiikka ja uutiset

aikalisa
uutiscast
ootsa-kuullut-tasta-2
rss-ootsa-kuullut-tasta
rss-vaalirankkurit-podcast
rss-podme-livebox
rss-seksicast
otetaan-yhdet
tervo-halme
aihe
politiikan-puskaradio
linda-maria
et-sa-noin-voi-sanoo-esittaa
rss-girls-finish-f1rst
viela-yksi-sivu
the-ulkopolitist
mtv-uutiset-polloraati
rss-kovin-paikka
rss-sveriges-radio-finska
rss-raha-talous-ja-politiikka