Month: January 2022

Unauthenticated Dumping of Usernames via Cisco Unified Call Manager (CUCM)

This blog is about something I found recently regarding Cisco Unified Call Manager (CUCM). While playing around with SeeYouCM Thief, which is designed to download and parse configuration files from Cisco phone systems, I noticed something interesting within a configuration file. There was an XML element in the configuration files named <secureUDSUsersAccessURL>. The value pointed to…


Adding DCSync Permissions from Linux

Recently I came upon an attack path in BloodHound that looked like this: I had control of a computer object (an Exchange server) that effectively had WriteDacl over the domain. I had a few constraints as well: all systems were configured with EDR; I only had the AES key of the computer account, not the…