7MS #432: Tales of Internal Network Pentest Pwnage - Part 21

7MS #432: Tales of Internal Network Pentest Pwnage - Part 21

Yay! It's time for another tale of pentest pwnage! Highlights include:

  • Making sure you take multiple rounds of "dumps" to get all the delicious local admin creds.

  • Why lsassy is my new best friend.

  • I gave a try to using a Ubuntu box instead of Kali as my attacking system for this test. I had pretty good results. Here's my script to quickly give Ubuntu a Kali-like flair:

sudo apt-get update sudo apt-get upgrade -y sudo apt-get install openssh-server -y sudo apt-get install nmap curl dnsrecon git net-tools open-vm-tools-desktop python3.8 python3-pip unzip wget xsltproc -y #Aha helps take output from testssl.sh and make it nice and HTML-y sudo git clone https://github.com/theZiz/aha.git /opt/aha #Awesome-nmap-grep makes it easy to grep nmap exports for just the data you need! sudo git clone https://github.com/leonjza/awesome-nmap-grep.git /opt/awesome-nmap-grep #bpatty is...well...bpatty! sudo git clone https://github.com/braimee/bpatty.git /opt/bpatty #CrackMapExec is...awesome sudo mkdir /opt/cme cd /opt/cme sudo curl https://github.com/byt3bl33d3r/CrackMapExec/releases/download/v5.1.0dev/cme-ubuntu-latest.1.zip -L -o cme.zip sudo unzip cme.zip sudo chmod +x ./cme #eyewitness is a nice recon tool for putting some great visualization behind nmap scans sudo git clone https://github.com/FortyNorthSecurity/EyeWitness.git /opt/eyewitness cd /opt/eyewitness/Python/setup sudo ./setup.sh #impacket is "a collection of Python classes for working with network protocols" #I currently primarily use it for ntlmrelayx.py sudo git clone https://github.com/CoreSecurity/impacket.git /opt/impacket cd /opt/impacket sudo pip3 install . #mitm6 is a way to tinker with ip6 and get around some ip4-level protections sudo git clone https://github.com/fox-it/mitm6.git /opt/mitm6 cd /opt/mitm6 sudo pip3 install -r requirements.txt # install service-identity sudo pip3 install service-identity # lsassy sudo python3 -m pip install lsassy #nmap-bootstrap-xsl turns nmap scan output into pretty HTML sudo git clone https://github.com/honze-net/nmap-bootstrap-xsl.git /opt/nmap-bootstrap-xsl #netcreds "Sniffs sensitive data from interface or pcap" sudo git clone https://github.com/DanMcInerney/net-creds /opt/netcreds #PCCredz parses pcaps for sensitive data sudo git clone https://github.com/lgandx/PCredz /opt/pcredz #Powersploit is "a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment" sudo git clone https://github.com/PowerShellMafia/PowerSploit.git /opt/powersploit #PowerupSQL is a tool for discovering, enumerating and potentially pwning SQL servers! sudo git clone https://github.com/NetSPI/PowerUpSQL.git /opt/powerupsql #responder is awesome for LLMNR, NBT-NS and MDNS poisoning sudo git clone https://github.com/lgandx/Responder.git /opt/responder

Avsnitt(684)

7MS #99: How to Deliver Bad News in a Good Way

7MS #99: How to Deliver Bad News in a Good Way

Today's episode gives you some tips on how to deliver bad news in an assessment in a positive way. I think that last sentence was a grammatical nightmare.

2 Okt 20158min

7MS #98: Intro to PCI Scoping

7MS #98: Intro to PCI Scoping

So far I've focused on the technical aspects of PCI, but I'm trying to get familiar with the overall scoping questions that my tenacious QSA friends ask when they start a gap analysis. This episode shares some interesting tidbits I learned while doing some QSA "shadowing" on an assessment of a restaurant.

30 Sep 20158min

7MS #97: OFFTOPIC-Limbo

7MS #97: OFFTOPIC-Limbo

We're going off topic today and talking about video games! LIMBO for the Xbox!

25 Sep 20157min

7MS #96: How to Make Enemies During a Security Assessment

7MS #96: How to Make Enemies During a Security Assessment

Yep, we're talking about how to make ENEMIES during a security assessment today (and maybe turn them into friends).

23 Sep 20159min

7MS #95: How to Make Friends During a Security Assessment

7MS #95: How to Make Friends During a Security Assessment

When you start a security assessment with a company, not everybody's gonna be glad to see you. The IT dept and other employees may have tense shoulders, thinking that this is an Office Space situation where they're interviewing for their jobs. This episode talks about some ways you might be able to get your assessment off to a right start.

17 Sep 20157min

7MS #94: Learn How to Burp - Part 1

7MS #94: Learn How to Burp - Part 1

I've been looking for better ways to learn Burp Suite and I struck gold! Check out my recommendations in today's episode!

15 Sep 20158min

7MS #93: Securing Your Life

7MS #93: Securing Your Life

So yeah, this is kind of off-topic, but have you thought about security in the sense of "What kinds of security things should I be doing before I'm dead?" Today's episode explores that.

11 Sep 20158min

7MS #92: You're Not Ready for Big Boy Security Pants

7MS #92: You're Not Ready for Big Boy Security Pants

Sometimes I get in situations where clients want their WHOLE security program reviewed, but in reality, they are still in the baby steps phase. What's the right thing to do when, for lack of a better term, the client isn't ready to put on their security big boy points?

9 Sep 20157min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
rss-krimstad
flashback-forever
rss-viva-fotboll
olyckan-inifran
aftonbladet-daily
rss-vad-fan-hande
rss-sanning-konsekvens
svenska-fall
krimmagasinet
rss-expressen-dok
motiv
fordomspodden
svd-nyhetsartiklar
dagens-eko
rss-frandfors-horna
blenda-2
spar
spotlight