PowerShell PSRemoting Pwnage


You have obtained some level of admin creds (local, domain or otherwise) to a Windows server or domain, but there is no RDP. There is, however, the WinRM service, PSRemoting to give it its other name. This allows an admin to create a remote PowerShell session to the server and run commands or scripts, very much like the SSH service used on Linux systems.
The admin-level creds you have will allow you to connect to the remote server(s) via PSRemoting, and you will want to run hacker PowerShell tools in the remote session to further infiltrate the server or systems. However, given the lack of RDP and the locked-down state of the network and services, you may struggle to get the likes of PowerSploit onto the remote system.

So, for instance, we might want to run Invoke-Mimikatz on the remote server to extract clear-text credentials stored on the server. Let's explore PSRemoting in a little more depth.

Foolish Reliance On AntiVirus Software

I recently received an email from another sysadmin pushing the idea of a single corporate anti-virus solution and the importance of getting it in place ASAP and having a single management console for reporting, management, etc.

Now, knowing what I know about this guy's company, I had to compile a little list of things he might think about or consider implementing before he puts all his eggs in this really rather 'hole'-y basket.

As far as I know, this guy's company has few if any of the following suggestions or security policies in place, and I'm sure this is true of many companies in the world.

Do Microsoft Have Tunnel Vision?

A recent post on the Threatpost website reports that the Stuxnet virus was reported over a year ago in Hakin9 magazine.

Why do they not have employees scouring the internet forums, IRC, mailing lists, etc. to forewarn the company of impending attacks or vulnerabilities?

Come on, Microsoft, Adobe, get your acts together. Hmm, I think I've been here already this week.

Article taken from ThreatPost

A security flaw affecting Microsoft’s Windows operating system that was exploited by the Stuxnet worm was publicly disclosed more than a year before the worm appeared, according to a researcher at Symantec Corp.

Microsoft, Adobe – Get Your Act Together

Having just read a post on one of my favorite blogs, Attack Vector, about the recent developments surrounding the new Adobe Reader 0day, here is the link to Matt's excellent argument for all of us to sing the praises of open-source or not-so-well-known software applications that fulfill the same purpose as the overpriced, over-vulnerable offerings from Microsoft and Adobe.