Kerbrute

by Vince
in Blog
Hits: 777

Kerbrute:  "A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication"

When running Nmap, we come across a server with open SMB ports and we might run Enum4Linux to gather information about the server.  In some cases, like with more modern and hardened servers, we probably won't get a whole lot of information.  But let's say when we run that Nmap scan, we see that Kerberos is running, that gives us another avenue for enumeration.

Read more

Token Impersonation with Incognito

by Vince
in Blog
Hits: 1039

Token impersonation is a technique that allows one user to impersonate another user -- assuming they have the privileges to do so.  In this post, we're going to use Meterpreter but this can be done with other tools as well.  I believe PowerSploit has Invoke-TokenManipulation.ps1 which will do something along the same lines.  Aside from an improper configuration, we could run into this situation where a service account has privileges, we take over that service account, and from there, we can elevate to administrator or NT AUTHORITY\SYSTEM.

Read more

Shells on Jenkins

by Vince
in Blog
Hits: 515

In a previous post, I wrote about Exploiting Jenkins.  So what is Jenkins?  "The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project."  My interest in Jenkins is purely from the exploitation side and my avenue for entry has either been through Metasploit or the Groovy Scripting Console.  Like most things hacking, if you really want to learn how to exploit something, you install it, configure it, and deploy it -- you will get a much better understanding of the nuts and bolts.  I rarely see Jenkins, I've yet to go down that rabbit hole and it should come as no surprise then that I discovered another way to get a shell.

Read more