Posted On:October 2013 - Pentest Geek
Ok so I know it isn’t exactly breaking news that DerbyCon 3.0 was awesome. Still I wanted to take a moment to reach out to any of our readers living under a rock and let them know that last September, the PentestGeek.com crew had an opportunity to represent at one of the coolest Information Security events of the year, the DerbyCon!
We released smbexec version 2.0 a few days ago and it comes with some rather large differences from previous versions. For one thing it was completely rewritten in Ruby, for another it now supports multi-threading. While it still maintains all of the functionality of previous versions (remotely dumping hashes from systems or domain controllers, identifying where domain administrators credentials are in use, throwing around obfuscated meterpreters, etc) , I wanted to highlight some of the larger changes and new features in this release.
For those that don’t know what smbexec is or haven’t used it before there was a great derbycon presentation at the 2013 conference found here by Martin Bos (purehate) and Eric Milam (brav0hax). The quick description is that smbexec is a tool that focuses on using native windows functions/features for post exploitation and expanding access on a network after you gain some credentials, whether that be a hash or password for a local or domain account. It allows a pentester to quickly identify targets of interest and gain access to them across large networks without much need to worry about AV and UAC. You can grab the code at the pentestgeek github repo.
Follow Pentest Geek
Subscribe to Pentest Geek
- How To Install Metasploit Framework Ubuntu 14.04
- How to Install Nmap From Source
- Another Lap Around Microsoft LAPS
- Credential Harvesting via MiTM – Burp Suite Tutorial
- SSL Certificate from letsencrypt.org – Setup Guide
- Forensics and Incident Response
- Information Gathering
- Penetration Testing Tutorials
- Web Applications