7MS #369: Cracking Hashes with NPK
7 Minute Security28 Jun 2019

7MS #369: Cracking Hashes with NPK

Today's episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It's in compliance with the latest NIST password guidelines, and is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Today I'm having a blast with cracking hashes quickly and cost-effectively using NPK.

For 1+ years I've loved my Paperspace config, but lately I've had some reservations about it:

  • People are telling me they're having problems installing the drivers
  • My methodology for building wordlists with HateCrack doesn't seem to work anymore
  • I often pay a lot of $ for idle time since you pay ~$5/month just for the VM itself, and then a buck and change per hour the box is running - even when it's not cracking anything.

This week on a pentest I wasn't capturing many hashes, and when I finally did it was a really valuable one. So I wanted to throw more "oomph" at the hash but don't have a ton of days to spare.

Enter NPK which lets you submit a hash, decide how much horsepower to throw at it, and even set a max amount of $ to spend on the effort. Super cool! I'm loving it so far!

Note: I did have a heck of a time with the install (I'm sure it was a me thing) so I wrote up this gist to help others who might hit the same issue:

Happy crackin'!

Episoder(499)

7MS #671: Pentesting GOAD

7MS #671: Pentesting GOAD

Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory).  In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hashcat

18 Apr 25min

7MS #670: Adventures in Self-Hosting Security Services

7MS #670: Adventures in Self-Hosting Security Services

Hi friends, today I’m kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC.  Sweet!  I also supplemented today’s episode with a short live video over at 7MinSec.club.

11 Apr 36min

7MS #669: What I’m Working on This Week – Part 3

7MS #669: What I’m Working on This Week – Part 3

Hi friends, in this edition of what I’m working on this week: 3 pulse-pounding pentests that had…problems Something I’m calling the unshadow/reshadow credentials attack Heads-up on a new video experiment I’m going to try next week

4 Apr 42min

7MS #668: Tales of Pentest Pwnage – Part 69

7MS #668: Tales of Pentest Pwnage – Part 69

Hola friends! Today’s tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things: adconnectdump – for all your ADSync account dumping needs! Adam Chester PowerShell script to dump MSOL service account dacledit.py (part of Impacket) to give myself full write privileges on the MSOL sync account: dacledit.py -action ‘write’ -rights ‘FullControl’ -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip 1.2.3.4 domain.com/EXCHANGEBOX$ -k -no-pass Looking to tighten up your Exchange permissions – check out this crazy detailed post

28 Mar 30min

7MS #667: Pentesting GOAD SCCM - Part 2!

7MS #667: Pentesting GOAD SCCM - Part 2!

Hey friends, our good buddy Joe “The Machine” Skeen and I are back this week with part 2 (check out part 1!) tackling GOAD SCCM again!  Spoiler alert: this time we get DA!  YAY! Definitely check out these handy SCCM resources to help you – whether it be in the lab or IRL (in real life): GOAD SCCM walkthrough MisconfigurationManager – tremendous resource for enumerating/attacking/privesc-ing within SCCM This gist from Adam Chester will help you decrypt SCCM creds stored in SQL

21 Mar 28min

7MS #666: Tales of Pentest Pwnage – Part 68

7MS #666: Tales of Pentest Pwnage – Part 68

Today we have a smattering of miscellaneous pentest tips to help you pwn all the stuff! Selective Snaffling with Snaffler The importance of having plenty of dropbox disk space – for redundant remote connectivity and PXE abuse! TGTs can be fun for SMB riffling, targeted Snaffling, netexec-ing and Evil-WinRMing!

14 Mar 45min

7MS #665: What I'm Working on This Week - Part 2

7MS #665: What I'm Working on This Week - Part 2

Hello there friends, I’m doing another “what I’m working on this week” episode which includes: BPATTY v1.6 release – big/cool/new content to share here PWPUSH – this looks to be an awesome way (both paid and free) to securely share files and passwords

7 Mar 28min

7MS #664: What I’m Working on This Week

7MS #664: What I’m Working on This Week

In today’s episode I talk about what I’m working on this week, including: Playing with Sliver C2 and pairing it with ShellcodePack Talking about Netexecer, my upcoming tool that helps automate some of the early/boring stuff in an internal pentest A gotcha to watch out for if utilizing netexec’s MSSQL upload/download functionality

28 Feb 25min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
popradet
stopp-verden
bt-dokumentar-2
dine-penger-pengeradet
fotballpodden-2
det-store-bildet
nokon-ma-ga
e24-podden
frokostshowet-pa-p5
aftenbla-bla
rss-dannet-uten-piano
rss-ness
rss-penger-polser-og-politikk
unitedno
rss-borsmorgen-okonominyhetene
rss-fredrik-og-zahid-loser-ingenting