7MS #441: SharpGPOAbuse
7 Minute Security15 Marras 2020

7MS #441: SharpGPOAbuse

Hello friends! Sorry to be late with this episode (again) but we've been heads-down in a lot of cool security work, coming up for air when we can! Today's episode features:

  • A little welcome music that is not the usual scatting of gibberish I torture you with

  • Some cool tools I'm playing with in the lab that we'll do future episodes on in the future:

    • DetectionLab to practice detecting all the bad things!
    • BadBlood to dirty up your AD (your test AD with groups, computers, permissions, etc.). I wish the user import script would let you choose a list of bad passwords to assign the users, but you can also run it manually if you want.
    • Cobalt Strike - we're doing a demo right now!

Most of today's episode focuses on SharpGPOAbuse, a tool that can be used to abuse "generic write" access to GPOs (which you might identify after running BloodHound). Here's a sample syntax you could run:

SharpGPOAbuse.exe --AddUserTask --TaskName "Totes Safe Windoze Updatez" --Author SAMPLECO\ADMINISTRATOR --Command "cmd.exe" --Arguments "/c net group \"Domain Admins\" SomeLowPrivUser /ADD DOMAIN" --GPOName "Name of GPO with Generic Write Access"

This will push a ScheduledTasks.xml file to \\sample.company\Policies\LONG-STRING-REPRESENTING-THE-GPO-ID\User\Preferences\ScheduledTasks

Now if you find that the task is not pushing correctly, it may be that SharpGPOAbuse.exe hasn't been able to update either the GPT.INI file (in the root of the GPO path) and/or the versionNumber value assigned to the GPO itself.
If you need to adjust the versionNumber and GPT.INI value manually, definitely read this Microsoft article so you know how the number is generated and how to increment it properly. This flippin' sweet RastaMouse blog article also helped this click for me.

If you can't seem to update versionNumber using the PowerShell in Rasta's article, you can also open up ADSI Edit and navigate to Default naming context > DC=your,DC=com > CN=System > CN=Policies > CN=LONG-STRING-REPRESENTING-THE-GPO-ID then get the properties of the folder, scroll down and manually adjust the value for versionNumber.

Jaksot(683)

7MS #138: OFF-TOPIC - The Hateful Eight

7MS #138: OFF-TOPIC - The Hateful Eight

Looks like I'm one of the few people in the world who did NOT love this movie. I found it painful slow and claustrophobic. #diappointed.

7 Tammi 20168min

7MS #137: OFFTOPIC-Welcome to Leith

7MS #137: OFFTOPIC-Welcome to Leith

This off-topic episode talks about one of the most gripping and disturbing documentaries I've ever seen. Welcome to Leith, in a nutshell, asks the question: What would you do if a white supremacist group moved in next door?

6 Tammi 20168min

7MS #136: Python for Newbs

7MS #136: Python for Newbs

One skill that's been kind of a hinderance in my IT/security career is I have exactly zero experience in programming/coding. Zero. Zip. Nil. Nada. Nothing.. But I'm trying to remedy that in 2016 by learnin' me some Python, and I picked up a great book called Python Crash Course, which has been exactly what this newb needed. At the time of publishing, you can get 30% off with the coupon code CRASHCOURSE!

5 Tammi 20169min

7MS #135: I Got a New Job - Part 4

7MS #135: I Got a New Job - Part 4

This is a four-part series about my transition to a new job! The topics are as follows: * Part 1: When it may be time to look for a new job (or not) * Part 2: How to stand out during phone screenings and interviews * Part 3: How to gracefully transition from old job to new job * Part 4: Here's what I'm doing in my new gig!

4 Tammi 20168min

7MS #134: I Got a New Job - Part 3

7MS #134: I Got a New Job - Part 3

This is a four-part series about my transition to a new job! The topics are as follows: Part 1: When it may be time to look for a new job (or not) Part 2: How to stand out during phone screenings and interviews Part 3: How to gracefully transition from old job to new job Part 4: Here's what I'm doing in my new gig!

1 Tammi 20169min

7MS #133: I Got a New Job - Part 2

7MS #133: I Got a New Job - Part 2

This is a four-part series about my transition to a new job! The topics are as follows: Part 1: When it may be time to look for a new job (or not) Part 2: How to stand out during phone screenings and interviews Part 3: How to gracefully transition from old job to new job Part 4: Here's what I'm doing in my new gig!

1 Tammi 20168min

7MS #132: I Got a New Job - Part 1

7MS #132: I Got a New Job - Part 1

This is a four-part series about my transition to a new job! The topics are as follows: Part 1: When it may be time to look for a new job (or not) Part 2: How to stand out during phone screenings and interviews Part 3: How to gracefully transition from old job to new job Part 4: Here's what I'm doing in my new gig!

1 Tammi 20167min

7MS #131: How to Attempt a Two Week Pentest in Two Days

7MS #131: How to Attempt a Two Week Pentest in Two Days

The title says it all. I had two days to pentest a network that probably would've taken two or more people two weeks or more. I laughed. I cried. I had fun.

30 Joulu 20158min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
aikalisa
ootsa-kuullut-tasta-2
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
aihe
rss-vaalirankkurit-podcast
the-ulkopolitist
rikosmyytit
rss-kovin-paikka
rss-mina-ukkola
linda-maria
rss-hyvaa-huomenta-bryssel
rss-tyolinjalla-pekka-sauri
radio-antro
rss-aijat-hopottaa-podcast
rss-raha-talous-ja-politiikka
rss-kyselytunti
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset