Explore >> Select a destination
|
You are here 
|
bogs.io | ||
| | | | |
blog.ropnop.com
|
|
| | | | | I often need to copy a tool or a payload from my Kali linux attack box to a compromised Windows machine. These are some of my favorite techniques. | |
| | | | |
shenaniganslabs.io
|
|
| | | | | By default, domain joined Windows workstations allow access to the network selection UI from the lock screen. An attacker with physical access to a locked device with WiFi capabilities (such as a laptop or a workstation) can abuse this functionality to force the laptop to authenticate against a rogue access point and capture a MSCHAPv2 challenge response hash for the domain computer account. This challenge response hash can then be submitted to crack.sh to recover the NTLM hash of the computer account in less than 24 hours. Once recovered, this NTLM hash combined with the domain SID can be used to forge Kerberos silver tickets to impersonate a privileged user and compromise the host. An example of this is to create a silver ticket for the CIFS service of the laptop in order to authenticate over SMB as the SYSTEM user and gain unrestricted access to the hard disk. As the attack can be performed from a locked device, it can be utilised to bypass BitLocker full disk encryption and gain access to the devices file system. In addition, as silver tickets can be forged for privileged users, this attack can also be leveraged to elevate privileges to that of local administrator on the device. | |
| | | | |
taeluralexis.com
|
|
| | | | | Exploit a machine through SMB and elevate privileges by performing a kerberoasting attack on a domain admin. | |
| | | | |
securelist.com
|
|
| | | On October 10, 2017, we identified a new Adobe Flash zero day exploit used in the wild against our customers. The exploit was delivered through a Microsoft Office document and the final payload was the latest version of FinSpy malware. | ||
