PowerShell ConstrainedLanguage Mode ByPass

by Vince
in Blog
Hits: 837

What is Language Mode and what is ConstrainedLanguage Mode?  "The language mode determines the language elements that are permitted in the session.  The ConstrainedLanguage mode permits all cmdlets and all PowerShell language elements, but it limits permitted types."  So what does that really mean?  It means that in the context of compromising a system, we will be presented with an obstacle that we will need to overcome in order to execute PowerShell.  Below is FullLanguage Mode:

Read more

Abusing SeImpersonatePrivilege

by Vince
in Blog
Hits: 764

SeImpersonatePrivilege is one of those rights that I've yet to see used in the real world. 

Per the screenshot below:  'When you assign the "Impersonate a client after authentication" user right to a user, you permit programs that run on behalf of that user to impersonate a client.'  

Read more

Socat Reverse Shell Relay

by Vince
in Blog
Hits: 3134

From the man pages:  "Socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them."  Think of Socat as another tool like Netcat, Chisel, or anything else that can do port forwarding and such.  Where Socat comes in handy is when we've pivoted into an environment and we want to funnel traffic back out.  For this post, let's say we want to catch a reverse shell but we're one or two segments deep.

Read more