7MS #640: Tales of Pentest Pwnage – Part 63
7 Minute Security7 Syys 2024

7MS #640: Tales of Pentest Pwnage – Part 63

This was my favorite pentest tale of pwnage to date! There’s a lot to cover in this episode so I’m going to try and bullet out the TLDR version here:

  • Sprinkled farmer files around the environment
  • Found high-priv boxes with WebClient enabled
  • Added “ghost” machine to the Active Directory (we’ll call it GHOSTY)
  • RBCD attack to be able to impersonate a domain admin using the CIFS/SMB service against the victim system where some higher-priv users were sitting
  • Use net.py to add myself to local admin on the victim host
  • Find a vulnerable service to hijack and have run an evil, TGT-gathering Rubeus.exe – found that Credential Guard was cramping my style!
  • Pulled the TGT from a host not protected with Credential Guard
  • Figured out the stolen user’s account has some “write” privileges to a domain controller
  • Use rbcd.py to delegate from GHOSTY and to the domain controller
  • Request a TGT for GHOSTY
  • Use getST.py to impersonate CIFS using a domain admin account on the domain controller (important thing here was to specify the DC by its FQDN, not just hostname)
  • Final move: use the domain admin ccache file to leverage net.py and add myself to the Active Directory Administrators group

Jaksot(688)

7MS #119: Migrating from Tumblr to Ghost-Part 1

7MS #119: Migrating from Tumblr to Ghost-Part 1

In this episode I talk about my adventures in moving my brianjohnson.tv Tumblr content over to a Digital Ocean hosted droplet running Ghost. I think you'll want to check this episode out, because in part 2 I talk about the challenges I faced in hosting multiple Ghost instances on one DI droplet. I will also be talking about how to enable CloudFlare SSL (for free!) as well as enabling Fail2Ban to keep annoying people/IPs from brute forcing your SSH root account!

17 Joulu 20158min

7MS #118: Should Phishing be Fair?

7MS #118: Should Phishing be Fair?

This episode discusses an important and rhetorical (to me) infosec question: Should phishing campaigns be "fair?"

15 Joulu 20157min

7MS #117: OFFTOPIC-Alive Inside

7MS #117: OFFTOPIC-Alive Inside

Today I talk about one of the most moving films I've ever seen - a documentary called Alive Inside.

10 Joulu 20157min

7MS #116: Tips for a Succesful Vulnerability Scan

7MS #116: Tips for a Succesful Vulnerability Scan

In this episode I complain about getting stuck in NY for two days, and also how to efficiently scan for vulnerabilities when your time is crunched.

8 Joulu 201514min

7MS #115: OFFTOPIC-Love and Mercy

7MS #115: OFFTOPIC-Love and Mercy

We're going off-topic today and talking about the new(ish) movie about Brian Wilson's life called Love and Mercy.

4 Joulu 20157min

7MS #114: PCI Pentesting 101-Part 3

7MS #114: PCI Pentesting 101-Part 3

Part 3 on my series about PCI pentesting. Yeah. That.

2 Joulu 20157min

7MS #113: Big Bag of Random Security Stuff

7MS #113: Big Bag of Random Security Stuff

Yep, this episode is EXACTLY what the title implies.

27 Marras 201510min

7MS #112: This is Sparta!

7MS #112: This is Sparta!

This episode is about one of my favorite enumeration tools called Sparta - it's built right into Kali 2. And maybe it was in Kali 1 and I totally missed it. But whatevs. I'm happy to have found it now!

25 Marras 20158min

Suosittua kategoriassa Politiikka ja uutiset

ootsa-kuullut-tasta-2
rss-podme-livebox
aikalisa
rss-ootsa-kuullut-tasta
politiikan-puskaradio
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
rss-vaalirankkurit-podcast
aihe
rss-sinivalkoinen-islam
rikosmyytit
rss-raha-talous-ja-politiikka
the-ulkopolitist
rss-mina-ukkola
politbyroo
radio-antro
rss-merja-mahkan-rahat
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
linda-maria
rss-hyvaa-huomenta-bryssel