Hey friends, today our pal Hackernovice joins us for a tool (actually two tools!) release party:

• • EvilFortiAuthenticator – it’s like a regular FortiAuthenticator, but evil.  This tool allows you to capture the FortiAuthenticator API and subsequently steal the entire device’s config, subsequently allowing you to restore the config to a second server and potentially steal cleartext Active Directory creds and SMTP accounts!  We talk about
    • BulletsPassView – a tool that originially allowed us to simply unmask the “hidden” API key in the FortiAuthenticator client (this did NOT work in the latest version of FAC).
    • Once you get the API key, check out Fortinet’s documentation to do fun things like dump the whole config to a file on disk!
    • After you steal the config and restore it to a fresh FortiAuthenticator, use maintenance mode to reset the admin password.
    • Once you can adjust the restored config to your liking, try using MITMsmtp to capture email server creds in the clear!
  • TCMLobbyBBQ – this tool has nothing to do with security, but helps PC players of the Texas Chain Saw Massacre get into lobbies more efficiently.