Daily Blog #312: Remote connections and credential exposure part 1
Hello Reader,
I've had two Sunday Funday challenges now that both relied on the responder's knowledge of what credentials they leave for the attacker to find/exploit when responding. I don't know how well understood this is, so I thought I would set up some virtual machines and then connect to them through a series of remote access methods to see what it exposed to the attacker. In this series I am planning to connect remotely with the following:
1. RDP
2. Network Share
3. Remote Registry
4. PowerShell
5. F-Response
6. PsExec
On the virtual machine being connected to, I will then run the following three tools to see what's exposed:
1. Windows Credential Editor
2. Mimikatz
3. Meterpreter
and document my results. My hope is that, if this is not already tested and documented, you will get fresh insight on how to best respond and interact over the network.
Reviewed by David Cowen on May 01, 2014