7MS #608: New Tool Release - EvilFortiAuthenticator
7 Minute Security, 26 January 2024

Hey friends, today our pal Hackernovice joins us for a tool (actually two tools!) release party:

    • EvilFortiAuthenticator - it's like a regular FortiAuthenticator, but evil. This tool allows you to capture the FortiAuthenticator API and steal the entire device's config, which you can then restore to a second server to potentially steal cleartext Active Directory creds and SMTP accounts! We talk about:
      • BulletsPassView - a tool that originally allowed us to simply unmask the "hidden" API key in the FortiAuthenticator client (this did NOT work in the latest version of FAC).
      • Once you get the API key, check out Fortinet's documentation to do fun things like dump the whole config to a file on disk!
      • After you steal the config and restore it to a fresh FortiAuthenticator, use maintenance mode to reset the admin password.
      • Once you can adjust the restored config to your liking, try using MITMsmtp to capture email server creds in the clear!
    • TCMLobbyBBQ - this tool has nothing to do with security, but helps PC players of the Texas Chain Saw Massacre get into lobbies more efficiently.
