7MS #552: Tales of Pentest Pwnage - Part 45
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
Today's tale of pentest pwnage covers some of the following attacks/tools:
- Teleseer for packet capture visualizations on steroids!
- Copernic Desktop Search
- Running Responder as
Responder.py -I eth0 -A
will analyze traffic but not poison it - I like to run mitm6 in one window with
mitm6.py -i eth0 -d mydomain.com --no-ra --ignore-nofqdn
and then in another window I dontlmrelayx.py -6 -wh doesntexist -t ldaps://ip.of.the.dc -smb2support --delegate-access > relaysRphun.log
- that way I always have a log of everything happening during the mitm6 attack - Vast.ai looks to be a cost-effective way to crack hashes in the cloud (haven't tested it myself yet)