7MS #533: Tales of Pentest Pwnage - Part 40
7 Minute Security12 Elo 2022

7MS #533: Tales of Pentest Pwnage - Part 40

Ok, ok, I know. I almost always say something like "Today is my favorite tale of pentest pwnage." And guess what? Today is my favorite tale of pentest pwnage, and I don't even know how it's going to end yet, so stay tuned to next week's (hopefully) exciting conclusion. For today, though, I've got some pentest tips to hopefully help you in your journeys of pwnage:

  • PowerHuntShares is awesome at finding SMB shares and where you have read/write permissions on them. Note there is a -Threads flag to adjust the intensity of your scan.
  • Are your mitm6 attacks not working properly - even though they look like they should? There might be seem LDAP/LDAPs protections in play. Use LdapRelayScan to verify!
  • Are you trying to abuse Active Directory Certificate Services attack ESC1 but things just don't seem to be working? Make sure the cert you are forging is properly representing the user you are trying to spoof by using Get-LdapCurrentUser.ps1. Also look at PassTheCert as another tool to abuse ADCS vulnerabilities.

Example syntax for LdapCurrentUser:

Get-LdapCurrentUser -certificate my.pfx -server my.domain.controller:636 -usessl -CertificatePassword admin

  • If you manage to get your hands on an old Active Directory backup, this PowerShell snippet will help you get a list of users from the current domain, sorted by passwordlastset. That way you can quickly find users who haven't changed their password since the AD backup:

get-aduser -filter * -server victimdomain.local -properties pwdlastset,passwordlastset,enabled | where { $_.Enabled -eq $True} | select-object samaccountname,passwordlastset | sort-object passwordlastset

Jaksot(719)

7MS #711: How to Secure Your Community

7MS #711: How to Secure Your Community

Hello friends, it's good to be back with you.  I took a podcast hiatus in January to focus on helping communities affected by Operation Metro Surge.  Today I share how my family and community has been...

27 Helmi 51min

7MS #710: I'm Taking a Break

7MS #710: I'm Taking a Break

Hi friends, I'm going to be taking a break from producing podcast episodes, as well as content over at 7MinSec.club.  It's a temporary break, so please don't unsubscribe, unfollow, etc.  I need some e...

17 Tammi 4min

7MS #709: Second Impressions of Twingate

7MS #709: Second Impressions of Twingate

Hey friends, in episode #649 I gave you my first impressions of Twingate.  It's been a minute, so I thought I'd revisit Twingate (specifically this awesome Twingate LXC) and talk about how we're using...

10 Tammi 20min

7MS #708: Tales of Pentest Fail – Part 6

7MS #708: Tales of Pentest Fail – Part 6

After sharing a recent story about how a phishing campaign went south, I heard feedback from a lot of you.  You either commiserated with my story, told me I wussed out, and/or had a difficult story of...

2 Tammi 25min

7MS #707: Our New Pentest Course Has Launched!

7MS #707: Our New Pentest Course Has Launched!

Today we're thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 – Thursday, ...

26 Joulu 202514min

7MS #706: Tales of Pentest Pwnage – Part 80

7MS #706: Tales of Pentest Pwnage – Part 80

I'm so excited to share today's tale of pentest pwnage, because it brings back to life a coercion technique I thought wouldn't work against Windows 11! Spoiler alert: check out rpc2efs, as well as the...

19 Joulu 202529min

7MS #705: A Phishing Campaign Fail Tale

7MS #705: A Phishing Campaign Fail Tale

This might be obvious, but security is not all domain admin dancing and maximum pwnage. Sometimes, despite my best efforts, a security project does a faceplant. Today's episode focuses on a phishing c...

12 Joulu 202521min

7MS #704: DIY Pentest Dropbox Tips – Part 12

7MS #704: DIY Pentest Dropbox Tips – Part 12

Hola friends!  My week has very much been about trying to turnaround pentest dropboxes as quickly as possible.  In that adventure, I came across two time-saving discoveries: Using a Proxmox LXC as a ...

5 Joulu 202524min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
politiikan-puskaradio
ootsa-kuullut-tasta-2
rss-ootsa-kuullut-tasta
tervo-halme
viisupodi
rss-podme-livebox
aihe
rss-vaalirankkurit-podcast
rss-asiastudio
rss-ulkopoditiikkaa
rss-pinnalla
otetaan-yhdet
the-ulkopolitist
radio-antro
rss-mina-ukkola
rss-polikulaari-pitka-kiekko-ja-muut-ts-podcastit
rss-girls-finish-f1rst
rikosmyytit