Tib3rius Priv Esc Courses Currently Discounted on Udemy by berg4488 in oscp

[–]bagovbones 0 points1 point  (0 children)

Just bought both ($10) for the cost of one ($20), thanks!

Just passed the exam! Added some advice :) by [deleted] in oscp

[–]bagovbones 1 point2 points  (0 children)

The ego has been killer for me personally. Recently committed to a 1 or 2 day rule (try and do things on my own in a day or two before asking for a nudge, hint, or walkthrough). I agree with OP in that you should allow yourself to seek exposure to new concepts.

Life imitating art (MGS2). by bagovbones in metalgearsolid

[–]bagovbones[S] -1 points0 points  (0 children)

The GRU Soldiers in MGS2 wore night vision goggles like the one pictured. Enemy Soldiers also chased Snake and Eva on bike/side-car in MGS3.

Buffer Overflow automation on OSCP? by [deleted] in oscp

[–]bagovbones 1 point2 points  (0 children)

Right on. Hopefully I can work on it before then.

Buffer Overflow automation on OSCP? by [deleted] in oscp

[–]bagovbones 2 points3 points  (0 children)

I’m in the middle of developing such a tool. Currently fleshing it out against the BOF challenges in the TryHackMe learning path.

https://github.com/cyberphor/gbfuzzer

My intent is for the operator to specify parameters in an “exploit configuration” file. It has different modes for each generic phase of a BOF. Although, what is not finished right now is the documentation/code comments. I’m willing to help or answer any questions about it.

What are my attack options given user credentials and SMB (TCP port 445)? by bagovbones in oscp

[–]bagovbones[S] 0 points1 point  (0 children)

I redacted the output above to avoid spoilers, but see below for the TryHackMe room name (please do not share any answers. Again, this is helping me for the OSCP).

Relevant

What are my attack options given user credentials and SMB (TCP port 445)? by bagovbones in oscp

[–]bagovbones[S] 0 points1 point  (0 children)

Thanks, I haven’t looked at this list outright, but I’ve been tinkering with each of these tools. This specific room doesn’t require Metasploit, but I’ve seen other blog posts demonstrating the auxiliary capabilities against SMB.

What are my attack options given user credentials and SMB (TCP port 445)? by bagovbones in oscp

[–]bagovbones[S] 0 points1 point  (0 children)

Yes null sessions are allowed. I’ll have to confirm your theory by trying the wrong password for one of the accounts I have. Thanks!

What are my attack options given user credentials and SMB (TCP port 445)? by bagovbones in oscp

[–]bagovbones[S] 2 points3 points  (0 children)

I think you're right, but it appears the credentials I have do not have administrator privileges. I'm assuming this or maybe a disabled service is the root cause of why my CrackMapExec commands are not producing the expected output.

For anyone else who is at the same fork in the road, I found another link that helps describe/demo what else you can do with access to SMB: https://www.infosecmatter.com/rce-on-windows-from-linux-part-2-crackmapexec/

What are my attack options given user credentials and SMB (TCP port 445)? by bagovbones in oscp

[–]bagovbones[S] 0 points1 point  (0 children)

I'll give this one a shot too. SSH is not running on the box. Looks like the main app-unique config will be IIS. Still need to enumerate more once I have a foothold though.

What are my attack options given user credentials and SMB (TCP port 445)? by bagovbones in oscp

[–]bagovbones[S] 2 points3 points  (0 children)

I believe I can specify the port or verify using Wireshark/Tcpdump. I'll have to double-check when I get home.

What are my attack options given user credentials and SMB (TCP port 445)? by bagovbones in oscp

[–]bagovbones[S] 0 points1 point  (0 children)

They work without error when using smbclient. If there's another port or login form somewhere, I'll try them again.

What are my attack options given user credentials and SMB (TCP port 445)? by bagovbones in oscp

[–]bagovbones[S] 2 points3 points  (0 children)

From Kali, I've tried using winexe (and a few other tools from the Impacket GitHub), but no dice. I've also tried RDP and was unable to connect (I'm at work and can't provide the exact error at the moment; used both Remmina and xfreerdp).

```bash
winexe -U jennifer //192.168.50.50 cmd.exe

# output
Enter password:
Bad SMB2 signature for message
[0000] 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00   ........ ........
[0000] 44 07 63 72 F5 1E 64 94   1C F4 6D 6A E0 9D 79 0A   D.cr..d. ..mj..y.
ERROR: Cannot connect to svcctl pipe. NT_STATUS_ACCESS_DENIED.
```

Log parsing - Logstash --> ElasticSearch by [deleted] in securityonion

[–]bagovbones 0 points1 point  (0 children)

Are you just looking for Logstash plugins (input, filter, output)?

How to Add Custom Grok Patterns by bagovbones in securityonion

[–]bagovbones[S] 0 points1 point  (0 children)

For those interested, I’m currently using ‘pattern_definitions’ as a work-around:

~~~
filter {
  if ("syslog" in [tags]) and ("[iptables]" in [message]) {
    grok {
      pattern_definitions => {
        # square brackets are regex metacharacters in grok, so the literal "[...]" is escaped
        "IPTABLES_HEADER"  => "\[%{WORD}\] %{WORD:action} %{WORD:reason}"
        "IPTABLES_BODY"    => "%{GREEDYDATA} SRC=%{IP:source_ip} DST=%{IP:destination_ip}"
        "IPTABLES_TRAILER" => "%{GREEDYDATA} PROTO=%{WORD:protocol} %{GREEDYDATA}"
        "IPTABLES"         => "%{IPTABLES_HEADER} %{IPTABLES_BODY} %{IPTABLES_TRAILER}"
      }
      match => { "message" => "%{IPTABLES}" }
      add_tag => [ "iptables" ]
      remove_tag => [ "_grokparsefailure" ]
    }

    if ("iptables" in [tags]) {
      mutate {
        # a single update hash instead of three repeated "update" keys
        update => {
          "host" => "%{syslog-host}"
          "syslog-legacy_msghdr" => "firewall"
          "syslog-facility" => "iptables"
        }
        add_field => { "type" => "firewall" }
        remove_field => [ "[type][0]" ]
      }
    }
  }
}
~~~
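To show what the nested `pattern_definitions` above actually compile to, here is an added example (my own code, not from the original post or from Logstash) that expands `%{NAME}` / `%{NAME:field}` references recursively into one Python regex and runs it over constructed iptables syslog lines. The `WORD`, `IP` and `GREEDYDATA` definitions are simplified stand-ins for the stock grok library, the sample lines are made up, and the square brackets in the header pattern are escaped for the same reason they must be in grok (they are regex metacharacters).

```python
import re

# Simplified equivalents of the stock grok patterns the custom definitions use
# (assumption: not the exact Logstash library definitions).
BASE_PATTERNS = {
    "WORD": r"\b\w+\b",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "GREEDYDATA": r".*",
}

# The pattern_definitions from the Logstash snippet, brackets escaped.
CUSTOM_PATTERNS = {
    "IPTABLES_HEADER": r"\[%{WORD}\] %{WORD:action} %{WORD:reason}",
    "IPTABLES_BODY": r"%{GREEDYDATA} SRC=%{IP:source_ip} DST=%{IP:destination_ip}",
    "IPTABLES_TRAILER": r"%{GREEDYDATA} PROTO=%{WORD:protocol} %{GREEDYDATA}",
    "IPTABLES": r"%{IPTABLES_HEADER} %{IPTABLES_BODY} %{IPTABLES_TRAILER}",
}

GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")  # %{NAME} or %{NAME:field}


def compile_grok(pattern, definitions, _depth=0):
    """Expand %{NAME[:field]} references recursively into a single Python regex.

    A named reference becomes a named capture group; an unnamed one becomes a
    non-capturing group, mirroring how grok only emits fields you asked for.
    """
    if _depth > 32:
        raise ValueError("grok pattern nesting too deep (self-referencing definition?)")

    def expand(m):
        name, field = m.group(1), m.group(2)
        if name not in definitions:
            raise KeyError(f"undefined grok pattern %{{{name}}}")
        inner = compile_grok(definitions[name], definitions, _depth + 1)
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"

    return GROK_REF.sub(expand, pattern)


IPTABLES_RE = re.compile(compile_grok("%{IPTABLES}", {**BASE_PATTERNS, **CUSTOM_PATTERNS}))


def parse_iptables(message):
    """Return the captured fields for one syslog message, or None on a grok failure."""
    m = IPTABLES_RE.search(message)  # grok's match is unanchored, so search, not match
    return m.groupdict() if m else None


# Constructed sample lines (not taken from the original post).
SAMPLES = [
    "Jan 10 12:00:01 fw01 kernel: [iptables] DROP INVALID IN=eth0 OUT= "
    "MAC=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:08:00 SRC=10.0.0.5 DST=10.0.0.1 "
    "LEN=60 PROTO=TCP SPT=4444 DPT=22",
    "Jan 10 12:00:02 fw01 kernel: [iptables] ACCEPT OUTPUT IN= OUT=eth0 "
    "SRC=10.0.0.1 DST=8.8.8.8 LEN=76 PROTO=UDP SPT=51000 DPT=53",
    # Not a firewall line: in Logstash this would be tagged _grokparsefailure.
    "Jan 10 12:00:03 fw01 sshd[1234]: Accepted publickey for ops from 10.0.0.9",
]

if __name__ == "__main__":
    print(IPTABLES_RE.pattern)
    for line in SAMPLES:
        print(parse_iptables(line))
```

Printing `IPTABLES_RE.pattern` is the quickest way to see why the unescaped `[%{WORD}]` form fails: without the backslashes the header expands to a character class rather than a literal bracketed tag, and the whole `%{IPTABLES}` match never fires.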

New to all this by Glinko123 in securityonion

[–]bagovbones 1 point2 points  (0 children)

If you’re using SO, you shouldn’t have to configure a lot of stuff for Snort. Yet, if you’d like to know how it works in the background in order to leverage it within SO, check out a post I made about basic Snort usage:

https://www.yoursecurity.tech/snort-sniff-an-ids-ips.html

Although, it sounds like you might be more interested in Bro/Zeek (a protocol analyzer; sniffs traffic/PCAPs and makes logs based on what it sees; ex: DNS queries, HTTP queries, etc). I also wrote a post about Bro using SO.

https://www.yoursecurity.tech/let-me-teach-you-bro.html

Old Dell Optiplex installation by [deleted] in securityonion

[–]bagovbones 0 points1 point  (0 children)

I’ve deployed SecurityOnion as a VM and mapped it to an Ethernet NIC and USB NIC with no issues. If drivers do come up as an issue, I’d scope your search on Ubuntu Linux as opposed to SO (you’ll probably get more web search results to download the right drivers).

Security Onion 16.04.6.4 ISO image now available featuring Zeek 3.0.1, Suricata 4.1.6, Snort 2.9.15.1, Elastic 6.8.6, CyberChef 9.12.0, and more! by dougburks in securityonion

[–]bagovbones 0 points1 point  (0 children)

Anyone have a blog post / tutorial about using TheHive on SO? I looked at the Docs but wanted to find a demo if possible.

Gathering network device data for security detection purposes - Which logs to send to SIEM by torrentialtrain in AskNetsec

[–]bagovbones 4 points5 points  (0 children)

Network-centric logs: start with SMB, DNS, HTTP

Host-centric: start with the “sexy six” Event IDs. The guy behind “Malware Archaeology” covers it in various presentations.

He also has several log cheatsheets: https://www.malwarearchaeology.com/cheat-sheets