7MS #532: Tales of Pentest Pwnage - Part 39
7 Minute Security5 Elo 2022

7MS #532: Tales of Pentest Pwnage - Part 39

Hey friends, wow...we're up to thirty-nine episodes of pwnage? Should we make a cake when we hit the big 4-0?! Anyway, today's TLDL is this:

If you get a nagging suspicion about something you find during enumeration, make sure to either come back to it later, or exhaust the path right away so you don't miss something! Because I did :-/

A tip that's been helping me speed along my use of CrackMapExec and other tools is by using Kerberos authentication. You can grab a ticket for your test AD account by using Impacket like so:

gettgt.py victim.domain/LowPrivUser export KRB5CCNAME=LowPrivUser.ccache

Then in most tools you can pass the cred by doing something like:

crackmapexec smb DC01 -k

In my enumeration of this network, I used Certipy to find potential attack paths against Active Directory Certificate Services. Something cool I learned is that Certipy will spit out both a text and json dump so you can import into BloodHound and then pair that data with their custom queries json file for beautiful visual potential pwnage!

I ran into an issue where my certificate shenanigans resulted in an KDC_ERR_PADATA_TYPE_NOSUPP. I originally gave up on this attack path, only to learn about this awesome PassTheCert tool from this rad blog post! After initially being hesitant to use a tool I'd never heard of, I raised a GitHub issue to calm my nerves and, shortly after, found myself doing a domain admin dance.

Oh, and although I didn't use it on this specific pentest, coercer is an awesome tool that helps you, ya know, coerce things!

Jaksot(719)

7MS #15: PwnPad Initial Impressions (audio)

7MS #15: PwnPad Initial Impressions (audio)

In this episode I talk about my initial impressions of using the PwnPad for wireless pentesting. Download: 7MS #15: PwnPad Initial Impressions Show notes: Carrying around a Nexus 7 instead of a bulky ...

24 Touko 20146min

7MS #14: H8 4 Win8 (audio)

7MS #14: H8 4 Win8 (audio)

In this episode I talk about two (sort of) security related tips that I've learned by using Windows 8 wrong. Download: 7MS #14: H8 4 Win8 (audio) Show notes: Windows Defender doesn't seem to auto-upda...

10 Touko 20146min

7MS #13: How to Get Pwned by HP (audio)

7MS #13: How to Get Pwned by HP (audio)

In this episode I talk about how I had to sent my HP laptop in for repair and, to my surprise, it (allegedly) came back with a bonus: malware! Download: 7MS #13: How to Get Pwned by HP (audio) Show no...

3 Touko 20147min

7MS #12: Why My Domains Have Gan to Gandi (audio)

7MS #12: Why My Domains Have Gan to Gandi (audio)

In this episode I talk about an account takeover article that freaked me out, and why it changed a few things about how I handle my important online accounts. Download: 7MS #12: Why My Domains Have Ga...

28 Huhti 20147min

7MS #11: Overtraining your iPhone Touch ID (video)

7MS #11: Overtraining your iPhone Touch ID (video)

In this episode I totally throw my subscribers for a loop and do a VIDEO podcast about overtraining your Touch ID on your iPhone. Download: 7MS #11: Overtraining your iPhone Touch ID (video) Show note...

12 Huhti 20143min

7MS #10: Information Security for the Whole Family – part 2 (audio)

7MS #10: Information Security for the Whole Family – part 2 (audio)

In this episode I talk more about some infosec-y things I'm doing on the home front to nurture a security culture (if you will) with my wife and kids. Download: Episode 10: Information Security for th...

5 Huhti 20147min

7MS #9: Information Security for the Whole Family (audio)

7MS #9: Information Security for the Whole Family (audio)

In this episode I talk about how being an infosec guy has ruined my family's life (well, not really) Download: Episode 9: Information Security for the Whole Family (audio) Show notes: To keep peace in...

29 Maalis 20147min

7MS #8: CISSP – Is That the Cert for Me? (audio)

7MS #8: CISSP – Is That the Cert for Me? (audio)

In this episode I talk about my experience prepping for the CISSP exam. Download: Episode 8: CISSP – Is That the Cert for Me? (audio) Show notes: I used this book as my primary study tool. It comes wi...

22 Maalis 20147min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
politiikan-puskaradio
rss-ootsa-kuullut-tasta
ootsa-kuullut-tasta-2
tervo-halme
viisupodi
rss-podme-livebox
rss-vaalirankkurit-podcast
rss-asiastudio
aihe
rss-pinnalla
otetaan-yhdet
rss-girls-finish-f1rst
rss-ulkopoditiikkaa
the-ulkopolitist
et-sa-noin-voi-sanoo-esittaa
radio-antro
rss-mina-ukkola
rss-polikulaari-pitka-kiekko-ja-muut-ts-podcastit