Thursday, May 1, 2014

Daily Blog #312: Remote connections and credential exposure part 1

Hello Reader,
I've had two Sunday Funday challenges now that both relied on the responder's knowledge of what credentials they leave for the attacker to find/exploit when responding. I don't know how well understood this is, so I thought I would set up some virtual machines and then connect to them through a series of remote access methods to see what is exposed to the attacker. In this series I am planning to connect remotely with the following:

1. RDP
2. Network Share
3. Remote Registry
4. PowerShell
5. F-Response
6. PsExec

On the virtual machine being connected to, I will then run the following three tools to see what's exposed:
1. Windows Credential Editor
2. Mimikatz
3. Meterpreter

and document my results. My hope is that, if this is not already tested and documented, you will get fresh insight on how best to respond and interact over the network.