Monthly Archives: June 2017


Create a targeted wordlist – to use with password audits

There are lots of ways to create a wordlist: you can just generate them, find pre-built ones online, etc. In this case I want to create a wordlist that contains components specific to the organization I am auditing.

cupp is good if you know details about individuals:

    cupp -i

cewl is good to scrape a website for words (the site URL goes last; substitute the customer site):

    cewl -v -w cewl-wordlist-customer-site.txt <customer-site-url>

There are other options, like following links more than 2 deep (the -d option), keeping only words of 8 characters or more (the -m 8 option), or, if you feel crazy, the -o option, which will spider to other sites.

Windows (windblows) password audit notes

Well, it's that time of the year/quarter/month... whatever policy you have on performing the password audit. Some of my notes are from references that are a few years old, so I am not sure if they will be around much longer; I hope so, they have good info. Keep in mind I am using Kali 2017.1 for my fun today.

First, the Windows password audit, or as I call it, the Windblows Password Audit.

Retrieve the ntds.dit and SYSTEM file with ntdsutil:

    C:\>ntdsutil
    ntdsutil: Activate Instance ntds
    ntdsutil: ifm
    ifm: create full c:\cool-pass-pentest-audit
    ifm: quit
    ntdsutil: quit

Copy the c:\cool-pass-pentest-audit folder to your Kali box and install libesedb-utils:

    apt install libesedb-utils

Export the ntds tables (this may take a while... a long while):

    esedbexport -m tables ntds.dit

Now we need to extract the hashes. Currently I am using ntdsxtract (the repository link and script name did not survive; fill them in from the project):

    git clone <ntdsxtract-repository-url>
    python ntdsxtract/<script>.py ntds.dit.export/datatable.4 ntds.dit.export/link_table.6 hashdumpwork --syshive SYSTEM --passwordhashes --lmoutfile […]

SSH proxy through my VM cloud server (using firejail and chrome)

Oh... you have country blocking turned on at the firewall, or some other web filter or firewall that is preventing you from viewing a website. Keep in mind you do need a server you have access to via ssh. I like cloud servers, they tend to not have web

First we need to set up the ssh SOCKS5 proxy. We will ssh into our VM (virtual machine server) and proxy through there on local port 8080:

    ssh -D 8080 myuser@myserver.mydomain

Now, keep in mind I am using Kali 2017.1 for this next part, but you can use other distros and even configure other browsers to connect to your localhost:8080 proxy. I am using firejail and google-chrome. Firejail allows me to have an independent, isolated browser running so I can still have my regular browser up and running as needed. This is how we connect:

    firejail --private google-chrome --proxy-server="socks5://localhost:8080"

Boom, good […]