7MS #450: DIY Pentest Dropbox Tips - part 4
7 Minute Security15 Jan 2021

7MS #450: DIY Pentest Dropbox Tips - part 4

Hey friends! We're continuing our series on pentest dropbox building - specifically playing off last week's episode where we started talking about automating the OS builds that go on our dropboxes. Today we'll zoom in a little closer and talk about some of the specific scripting we do to get a Windows 2019 Active Directory Domain Controller installed and updated so that it's ready to electronically punch in the face with some of your mad pentesting skills! Specifically, we talk about these awesome commands:

tzutil /s "Central Standard Time" - this is handy to set the time zone of your server build

powercfg.exe -change -standby-timeout-ac 0 will stop your VM from falling asleep

Invoke-WebRequest "https://somesite/somefile.file" -OutFile "c:\some\path\somefile.file" is awesome for quickly downloading files you need. Couple it with Expand-Archive "C:\some\path\some.zip" "c:\path\to\where\you\want\to\extract\the\zip" to make auto-provisioning your toolkit even faster!

Don't like it that Server Manager loves to rear its dumb head upon every login? Kill the task for it with Get-ScheduledTask -TaskName ServerManager | Disable-ScheduledTask -Verbose. Byeeeeee!!!!

I love Chrome more than I love IE/Edge, so I auto install it with:

$Path = $env:TEMP; $Installer = "chrome_installer.exe"; Invoke-WebRequest "http://dl.google.com/chrome/install/375.126/chrome_installer.exe" -OutFile $Path\$Installer; Start-Process -FilePath $Path\$Installer -Args "/silent /install" -Verb RunAs -Wait; Remove-Item $Path\$Installer

Now get all the Windows updates!

Install-PackageProvider -name nuget -force Install-Module PSWindowsUpdate -force Import-Module PSWindowsUpdate Get-WindowsUpdate Install-WindowsUpdate -AcceptAll -IgnoreReboot

Then rename your machine:

Write-Host "Picking a new name for this machine...you'll need to provide your admin pw to do so" Rename-Computer -LocalCredential administrator -PassThru Write-Host "New name accepted!"

When you're ready to install Active Directory, you can grab the RSAT tools:

Write-Host "Lets install the RSAT tooleeeage!" add-windowsfeature -name rsat-adds

And then the AD domain services themselves:

Write-Host "Now lets install the AD domain services!" add-windowsfeature ad-domain-services

Then install the new forest:

install-addsforest -domainname your.domain -installdns -DomainNetbiosName yourdomain

Episoder(720)

7MS #600: First Impressions of Using AI on Penetration Tests

7MS #600: First Impressions of Using AI on Penetration Tests

Hey friends, today I share my experience working with ChatGPT, Ollama.ai, PentestGPT and privateGPT to help me pentest Active Directory, as well as a machine called Pilgrimage from HackTheBox. Will AI...

1 Des 202322min

7MS #599: Baby's First Responsible Disclosure

7MS #599: Baby's First Responsible Disclosure

Today we talk about our first experience working through the responsible disclosure process after finding vulnerabilities in a security product. We cannot share a whole lot of details as of right now,...

25 Nov 202338min

7MS #598: Hacking Billy Madison - Part 4

7MS #598: Hacking Billy Madison - Part 4

Today our good buddy Paul and I keep trying to hack the VulnHub machine based on the movie Billy Madison (see part 1 and 2 and 3). In today's final chapter, Paul and I: Find Eric's secret SSH back d...

17 Nov 202324min

7MS #597: Let's JAMBOREE (Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy) with Robert McCurdy

7MS #597: Let's JAMBOREE (Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy) with Robert McCurdy

Today we had a blast talking with Robert McCurdy about JAMBOREE (Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy)! JAMBOREE allows you to quickly spin up a portable Git/Python/Java environment a...

11 Nov 202332min

7MS #596: How to Succeed in Business Without Really Crying - Part 13

7MS #596: How to Succeed in Business Without Really Crying - Part 13

After about a year break (last edition of this series was in October, 2022, we're back with an updated episode of How to Succeed in Business Without Really Crying. We cover: Why we're not planning on...

4 Nov 202331min

7MS #595: Choosing the Right XDR Strategy with Matt Warner of Blumira

7MS #595: Choosing the Right XDR Strategy with Matt Warner of Blumira

Today we're joined by Matt Warner of Blumira (remember him from episodes #551 and #529 and #507?) to talk about choosing the right XDR strategy! There's a lot to unpack here. Are EDR, MDR and XDR rela...

31 Okt 20231h 3min

7MS #594: Using PatchMyPC to Auto-Update Pentest Dropboxes

7MS #594: Using PatchMyPC to Auto-Update Pentest Dropboxes

Today we're talking about how you can use PatchMyPc to keep your home PC and/or pentest dropbox automatically updated with the latest/greatest patches!

23 Okt 202329min

7MS #593: Hacking Billy Madison - Part 3

7MS #593: Hacking Billy Madison - Part 3

Hey friends, today my Paul and I kept trying to hack the VulnHub machine based on the movie Billy Madison (see part 1 and 2). In our journey we learned some good stuff: Port knocking is awesome using...

15 Okt 202338min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
popradet
stopp-verden
fotballpodden-2
rss-gukild-johaug
lydartikler-fra-aftenposten
nokon-ma-ga
det-store-bildet
hanna-de-heldige
dine-penger-pengeradet
rss-ness
rss-espen-lee-usensurert
aftenbla-bla
e24-podden
rss-dannet-uten-piano
rss-penger-polser-og-politikk
frokostshowet-pa-p5