7MS #589: Tales of Pentest Pwnage - Part 51
7 Minute Security15 Sep 2023

7MS #589: Tales of Pentest Pwnage - Part 51

In today's tale of pentest pwnage we talk about:

  • The importance of local admin and how access to even one server might mean instant, full control over their backup or virtualization infrastructure

  • Copying files via WinRM when copying over SMB is blocked:

$sess = New-PSSession -Computername SERVER-I-HAVE-LOCAL-ADMIN-ACCESS-ON -Credential *

...then provide your creds...and then:

copy-item c:\superimportantfile.doc -destination c:\my-local-hard-drive\superimportantfile.doc -fromsession $sess
  • If you come across PowerShell code that crafts a secure string credential, you may able to decrypt the password variable with:
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($MyVarIWantToDecryptGoesHere))

Avsnitt(719)

7MS #134: I Got a New Job - Part 3

7MS #134: I Got a New Job - Part 3

This is a four-part series about my transition to a new job! The topics are as follows: Part 1: When it may be time to look for a new job (or not) Part 2: How to stand out during phone screenings and ...

1 Jan 20169min

7MS #133: I Got a New Job - Part 2

7MS #133: I Got a New Job - Part 2

This is a four-part series about my transition to a new job! The topics are as follows: Part 1: When it may be time to look for a new job (or not) Part 2: How to stand out during phone screenings and ...

1 Jan 20168min

7MS #132: I Got a New Job - Part 1

7MS #132: I Got a New Job - Part 1

This is a four-part series about my transition to a new job! The topics are as follows: Part 1: When it may be time to look for a new job (or not) Part 2: How to stand out during phone screenings and ...

1 Jan 20167min

7MS #131: How to Attempt a Two Week Pentest in Two Days

7MS #131: How to Attempt a Two Week Pentest in Two Days

The title says it all. I had two days to pentest a network that probably would've taken two or more people two weeks or more. I laughed. I cried. I had fun.

30 Dec 20158min

7MS #130: Sqlmap and Sqlninja FTW

7MS #130: Sqlmap and Sqlninja FTW

This episode talks about some fun I had using sqlmap, and how using it in conjunction with Sqlninja makes me happy to be alive.

29 Dec 20157min

7MS #129: Embarrassing Stories

7MS #129: Embarrassing Stories

In this episode I talk about face-planting in my office at the first job I had out of college.

27 Dec 20158min

7MS #128: Transparency is King

7MS #128: Transparency is King

In this episode, I talk about a restaurant infosec assessment I did, and how the recommendations coming out of that assessment didn't fit the standard "mold." I also talk about how being transparent a...

27 Dec 20159min

7MS #127: Intro to HIPAA Assessments

7MS #127: Intro to HIPAA Assessments

This episode covers a few HIPAA tidbits I picked up while preparing for - and executing - a HIPAA security assessment.

27 Dec 20159min

Populärt inom Politik & nyheter

svenska-fall
aftonbladet-krim
p3-krim
rss-krimstad
flashback-forever
politiken
blenda-2
aftonbladet-daily
rss-sanning-konsekvens
spar
rss-vad-fan-hande
motiv
dagens-eko
grans
svd-ledarredaktionen
rss-krimreportrarna
olyckan-inifran
spotlight
rss-frandfors-horna
rss-aftonbladet-krim