7MS #537: Tales of Pentest Pwnage - Part 42
7 Minute Security9 Syys 2022

7MS #537: Tales of Pentest Pwnage - Part 42

In today's episode we share some tips we've picked up in the last few weeks of pentesting, with hopes it will save you from at least a few rounds of smashing your face into the keyboard. Tips include:

  • If you find yourself with "owns" rights to a bajillion hosts in BloodHound, this query will give you a nice list of those systems, one system per line:

cat export-from-bloodhound.json | jq '.nodes[].label' | tr -d '"'

Then you can scan with nmap to find the "live" hosts:

nmap -sn -iL targets.txt

  • For resource based constrained delegation attacks, check out this episode of pwnage for some step-by-step instructions.

  • If you have RBCD admin access to victim systems, don't forget that CrackMapExec support Kerberos! So you can do stuff like:

cme smb VICTIM-SYSTEM -k --sam or cme smb VICTIM-SYSTEM -k -M wdigest -M ACTION=enable

  • Take the time to search SMB shares with something like PowerHuntShares. If you have write access in places, drop an SCF file to capture/pass hashes!

  • Looking to privilege escalate while RDP'd into a system? You owe it to yourself to check out KrbRelayUp!

  • Ever find yourself with cracked hashcat passwords that look something like '$HEX[xxxx]'? Check this tweet from mpgn for a great cracking tip!

Jaksot(684)

7MS #243: ZOMG Logo Design Contest!

7MS #243: ZOMG Logo Design Contest!

Here are today's show notes!

2 Helmi 20179min

7MS #242: Bye Bye Dream Job - Part 4

7MS #242: Bye Bye Dream Job - Part 4

We've reached the end of this series, and I come into this final chapter bearing good news: I have a job! So in today's episode, I just wanted to kick back and share some cool things I'm working on as I ramp up in this new adventure (and that will also provide good topics for future episodes): Webapp pentest tool bake-off In the next week I'll be evaluating the following for a more general/automatic Webapp scans: Netsparker HP WebInspect Qualys AppSpider SIEM comparison We're looking at several tools to do both on-prem and managed SIEM solutions. If you've got recommendations or experiences to share I would love to hear them - please contact me. Thanks in advance!

26 Tammi 201710min

7MS #241: Bye Bye Dream Job - Part 3

7MS #241: Bye Bye Dream Job - Part 3

Show notes are here

19 Tammi 201713min

7MS #240: Bye Bye Dream Job - Part 2

7MS #240: Bye Bye Dream Job - Part 2

Show notes are here.

12 Tammi 201712min

7MS #239: Bye Bye Dream Job - Part 1

7MS #239: Bye Bye Dream Job - Part 1

Show notes: https://7ms.us/7ms-239-bye-bye-dream-job-part-1

5 Tammi 20179min

7MS #238: Network Monitoring 101 - Part 2: NMAP, Papertrailapp and OpenCanary

7MS #238: Network Monitoring 101 - Part 2: NMAP, Papertrailapp and OpenCanary

Show notes: https://7ms.us/7ms-238-network-monitoring-101-part-2-nmap-papertrailapp-and-opencanary

30 Marras 20168min

7MS #237: Network Monitoring 101 - Part 1: Nessus

7MS #237: Network Monitoring 101 - Part 1: Nessus

Show notes: https://7ms.us/7ms-237-network-monitoring-101-part-1-nessus

23 Marras 20168min

7MS #236: From "Derp!" to Domain Admin with MOVEit Central

7MS #236: From "Derp!" to Domain Admin with MOVEit Central

Show notes: https://7ms.us/7ms-236-from-derp-to-domain-admin-with-moveit-central

17 Marras 201611min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
aikalisa
ootsa-kuullut-tasta-2
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
rss-vaalirankkurit-podcast
aihe
the-ulkopolitist
rss-kovin-paikka
rikosmyytit
linda-maria
rss-mina-ukkola
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
radio-antro
rss-aijat-hopottaa-podcast
rss-opiskelijasta-proksi
rss-hyvaa-huomenta-bryssel
rss-raha-talous-ja-politiikka
rss-kyselytunti