Hello There, Guest! Register

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[E-Book] The Hacker Playbook 2 - Practical Guide to Penetration Testing
#1
Quote:
[Image: 81RczHf728L.jpg]

Introduction : 
  1. You have been hired as a penetration tester for a large industrial company called Secure Universal Cyber Kittens, Inc. or SUCK, for short. They are developing future weapons to be used by the highest bidder and you have been given the license to kill…okay, maybe not kill, but the license to hack. This authorization gives you full approval to use any tactic in your arsenal to try to break into and steal the company’s trade secrets. As you pack your laptop, drop boxes, rubber duckies, Proxmarks, and cables, you almost forget the most important thing…The Hacker Playbook 2 (THP). You know that THP will help get you out of some of the stickiest situations. Your mind begins hazing back to your last engagement…
  2. After cloning some badges and deploying your drop box on the network, you run out of the office, barely sneaking past the security guards. Your drop box connects back to your SSH server and now you are on their network. You want to stay pretty quiet on the network and not trigger any IDS signatures. What do you look for? You flip to the Before the Snap chapter and remember printers!
  3. You probe around for a multifunction printer and see that it is configured with default passwords.
  4. Great! You re-configure LDAP on the printer, set up your netcat listener, and obtain Active Directory credentials. Since you don’t know what permissions these credentials have, you try to psexec to a Windows machine with a custom SMBexec payload. The credentials work and you are now a regular user. After a couple tricks with PowerTools in the Lateral Pass section, you move to local admin and pull passwords from memory with Mimikatz. Phew… you sigh… this is too easy. After pulling passwords for a few accounts, you find where the domain admins (DA) are and connect to their boxes to pull passwords again. With domain admin creds, it is pretty straightforward to dump the Domain controller (DC) with psexec_ntdsgrab and then clear your tracks…
Download here : Google Drive
┌[ A. Djalil | jlcnate@codernate.org
└[ root@jlcnate:~ ] --> Fabiai-yi aalaa-i rabbikumaa tukadz-dzibaan
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)