Understanding Kerberos Authentication

Kerberos Authentication: krbtgt account → KDC Service Account. Ticket Details. Authorization Data is a Microsoft addition to Kerberos; it can be manipulated to modify group membership etc. and launch attacks. Domain Policy about Kerberos settings (default): The Authentication Service (AS) exchange ([RFC4120] section 3.1):<1> The Ticket-Granting Service (TGS) exchange ([RFC4120] section 3.3): The Client/Server Authentication Protocol (AP) exchange ([RFC4120] section …

PowerView Cheat Sheet

An up-to-date version of PowerView. New function naming schema. Verbs: Get: retrieve full raw data sets. Find: ‘find’ specific data entries in a data set. Add: add a new object to a destination. Set: modify a given object. Invoke: lazy catch-all. Nouns: Verb-Domain*: indicates that LDAP/.NET querying methods are …

Attacking Kerberos

Kerberos is the default authentication service for Microsoft Windows domains. It is intended to be more “secure” than NTLM by using third-party ticket authorization as well as stronger encryption. Even though NTLM has a lot more attack vectors to choose from, Kerberos still has a handful of underlying vulnerabilities, just like NTLM …

Linux Privilege Escalation

Privilege escalation is all about: Collect – enumeration, more enumeration and some more enumeration. Process – sort through data, analyse and prioritise. Search – know what to search for and where to find the exploit code. Adapt – customize the exploit so it fits. Not every exploit works for every system “out of the …

LINUX 101

Linux File System (Path, Description): / – The top-level directory is the root filesystem and contains all of the files required to boot the operating system before other filesystems are mounted, as well as the files required to boot the other filesystems. After boot, all of the other filesystems are mounted at standard mount points …

Attacking Drupal

Leveraging Known Vulnerabilities. Over the years, Drupal core has suffered from a few serious remote code execution vulnerabilities, each dubbed Drupalgeddon. At the time of writing, there are 3 Drupalgeddon vulnerabilities in existence. Drupalgeddon manual exploitation: As stated previously, this flaw can be exploited by leveraging a pre-authentication SQL injection which can be used to …

PenTest 101 – Cheat Sheet

Command and Description: sudo nano /etc/hosts: opens /etc/hosts with nano to start adding hostnames. sudo nmap -p 80,443,8000,8080,8180,8888,10000 --open -oA web_discovery -iL scope_list: runs an nmap scan using common web application ports based on a scope list (scope_list) and outputs to a file (web_discovery) in all formats (-oA). eyewitness --web -x web_discovery.xml -d <nameofdirectorytobecreated>: runs eyewitness using a …