This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.
Yay! It’s time for another tale of pentest pwnage! Highlights include:
-
Making sure you take multiple rounds of "dumps" to get all the delicious local admin creds.
-
Why lsassy is my new best friend.
-
I gave a try to using a Ubuntu box instead of Kali as my attacking system for this test. I had pretty good results. Here’s my script to quickly give Ubuntu a Kali-like flair:
sudo apt-get updatesudo apt-get upgrade -ysudo apt-get install openssh-server -ysudo apt-get install nmap curl dnsrecon git net-tools open-vm-tools-desktop python3.8 python3-pip unzip wget xsltproc -y#Aha helps take output from testssl.sh and make it nice and HTML-ysudo git clone https://github.com/theZiz/aha.git /opt/aha#Awesome-nmap-grep makes it easy to grep nmap exports for just the data you need!sudo git clone https://github.com/leonjza/awesome-nmap-grep.git /opt/awesome-nmap-grep#bpatty is...well...bpatty!sudo git clone https://github.com/braimee/bpatty.git /opt/bpatty#CrackMapExec is...awesome sudo mkdir /opt/cmecd /opt/cmesudo curl https://github.com/byt3bl33d3r/CrackMapExec/releases/download/v5.1.0dev/cme-ubuntu-latest.1.zip -L -o cme.zipsudo unzip cme.zipsudo chmod +x ./cme#eyewitness is a nice recon tool for putting some great visualization behind nmap scanssudo git clone https://github.com/FortyNorthSecurity/EyeWitness.git /opt/eyewitnesscd /opt/eyewitness/Python/setupsudo ./setup.sh#impacket is "a collection of Python classes for working with network protocols"#I currently primarily use it for ntlmrelayx.pysudo git clone https://github.com/CoreSecurity/impacket.git /opt/impacketcd /opt/impacketsudo pip3 install .#mitm6 is a way to tinker with ip6 and get around some ip4-level protectionssudo git clone https://github.com/fox-it/mitm6.git /opt/mitm6cd /opt/mitm6sudo pip3 install -r requirements.txt# install service-identitysudo pip3 install service-identity# lsassysudo python3 -m pip install lsassy#nmap-bootstrap-xsl turns nmap scan output into pretty HTMLsudo git clone https://github.com/honze-net/nmap-bootstrap-xsl.git /opt/nmap-bootstrap-xsl#netcreds "Sniffs sensitive data from interface or pcap"sudo git clone https://github.com/DanMcInerney/net-creds /opt/netcreds#PCCredz parses pcaps for sensitive datasudo git clone https://github.com/lgandx/PCredz /opt/pcredz#Powersploit is "a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment"sudo git clone https://github.com/PowerShellMafia/PowerSploit.git /opt/powersploit#PowerupSQL is a tool for discovering, enumerating and potentially pwning SQL servers!sudo git clone https://github.com/NetSPI/PowerUpSQL.git /opt/powerupsql#responder is awesome for LLMNR, NBT-NS and MDNS poisoningsudo git clone https://github.com/lgandx/Responder.git /opt/responder
Share on socials: