7MS #589: Tales of Pentest Pwnage - Part 51
7 Minute Security15 Sep 2023

7MS #589: Tales of Pentest Pwnage - Part 51

In today's tale of pentest pwnage we talk about:

  • The importance of local admin and how access to even one server might mean instant, full control over their backup or virtualization infrastructure

  • Copying files via WinRM when copying over SMB is blocked:

$sess = New-PSSession -Computername SERVER-I-HAVE-LOCAL-ADMIN-ACCESS-ON -Credential *

...then provide your creds...and then:

copy-item c:\superimportantfile.doc -destination c:\my-local-hard-drive\superimportantfile.doc -fromsession $sess
  • If you come across PowerShell code that crafts a secure string credential, you may able to decrypt the password variable with:
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($MyVarIWantToDecryptGoesHere))

Episoder(684)

7MS #171: OFF-TOPIC - Easter Music

7MS #171: OFF-TOPIC - Easter Music

Show notes (actually, MUSIC notes in this case) can be found here: https://7ms.us/7ms-161-off-topic-easter-music/

24 Mar 201610min

7MS #170: Pentesting in a Vacuum - Part 3

7MS #170: Pentesting in a Vacuum - Part 3

Show notes are here: https://7ms.us/7ms-170-pentesting-in-a-vacuum-part-3/

22 Mar 201610min

7MS #169: Infosec News and Links Roundup

7MS #169: Infosec News and Links Roundup

Show notes are here: https://7ms.us/7ms-169-infosec-news-and-links-roundup/

19 Mar 201610min

7MS #168: Upgrading and Securing Your Digital Ocean Ghost Blog

7MS #168: Upgrading and Securing Your Digital Ocean Ghost Blog

Show notes are here! Go to https://7ms.us/7ms-168-upgrading-and-securing-your-digital-ocean-ghost-blog/

17 Mar 201611min

7MS #167: My Misadventures with SOAP Web Services

7MS #167: My Misadventures with SOAP Web Services

Show notes are here: https://7ms.us/7ms-167-my-first-dandy-experience-with-soap-web-services/

17 Mar 20168min

7MS #166: Infosec News and Links Roundup

7MS #166: Infosec News and Links Roundup

Show notes are here: https://7ms.us/7ms-166-infosec-news-and-links-roundup/

11 Mar 201612min

7MS #165: DIY Podcast

7MS #165: DIY Podcast

Show notes for today's episode are right here: https://7ms.us/7ms-165-diy-podcast/

10 Mar 20168min

7MS #164: Pentesting in a Vacuum - Part 2

7MS #164: Pentesting in a Vacuum - Part 2

Check out the show notes for today's episode here: https://7ms.us/7ms-164-pentesting-in-a-vacuum-part-2/

7 Mar 20168min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
stopp-verden
forklart
aftenpodden-usa
popradet
det-store-bildet
dine-penger-pengeradet
unitedno
fotballpodden-2
nokon-ma-ga
aftenbla-bla
rss-ness
rss-penger-polser-og-politikk
e24-podden
rss-fredrik-og-zahid-loser-ingenting
oppdatert
bt-dokumentar-2
amerikansk-politikk
rss-garne-damer