I think someone mentioned this, Jon if I recall correctly, about the invoke-mimikatz.ps1 script that uses powershell to run mimikatz in memory. Anyways, this guy has built a python script to speed the process up and do all the memory cred dumps on the network, automagically. ...My guess is Dave has already run this, but I'll go ahead run it too. ;)
http://blog.gojhonny.com/2015/08/domain-administrator-in-17-seconds.html
Haven’t seen that yet. Very cool.
It’s a lot like Invoke-UserHunter that’s part of the veil framework. https://www.veil-framework.com/hunting-users-veil-framework/ Having 445 open on clients or servers is extraordinarily dangerous.
You guys will have fun at Weber.
From: ushe-assess-bounces@lists.dixie.edu [mailto:ushe-assess-bounces@lists.dixie.edu] On Behalf Of Chuck Kimber Sent: Wednesday, August 12, 2015 10:00 AM To: USHE-assess@lists.dixie.edu Subject: [USHE-assess] CredCrack
I think someone mentioned this, Jon if I recall correctly, about the invoke-mimikatz.ps1 script that uses powershell to run mimikatz in memory. Anyways, this guy has built a python script to speed the process up and do all the memory cred dumps on the network, automagically. ...My guess is Dave has already run this, but I'll go ahead run it too. ;)
http://blog.gojhonny.com/2015/08/domain-administrator-in-17-seconds.html
participants (2)
-
Chuck Kimber -
Jon Barclay