Pwning a Domain Joined PC in under a minute


Peter demonstrates how to gain access to a domain joined PC and then spawn a reverse shell back to our command and control system.


Posted on 2021-01-26 by Peter Bassill in category Penetration Testing.




One of the biggest threats to an enterprise network is an attacker who can get physical access to a network connection. Microsoft's NTLM authentication, still in everyday use on Active Directory networks, has a weakness that anyone with an internal network connection can exploit: by inserting themselves into the NTLM challenge/response handshake, an attacker can capture the victim's NetNTLMv2 response. That response is not the password, and it is not the NT hash stored in the domain, but it is computed from the NT hash over a challenge the attacker can see, so it can be attacked offline at leisure. This is a technique we use regularly in penetration tests.

Once a NetNTLMv2 response has been captured, it is a simple matter of running it through a tool such as hashcat (mode 5600) to recover the clear-text password; the only obstacle is cracking speed. On an ordinary PC, a wordlist-and-rules attack on a 12-character password mixing upper case, lower case, digits and special characters can take around 60 days, whereas a standard gaming laptop can finish the same job in under 12 hours on its GPU, and an attacker with a little money can rent GPU instances on Amazon EC2 and do it in minutes. Those figures assume a human-chosen password that falls to dictionary words and predictable patterns; a genuinely random 12-character password drawn from a 95-symbol alphabet has 95^12 candidates and is out of reach of any GPU rig, which is why the password itself, not the hardware, decides whether the capture is useful.

In the video, Peter, our CEO, runs the full chain: gaining access to a domain-joined PC and then spawning a reverse shell back to our command and control system.

 

