7MS #589: Tales of Pentest Pwnage - Part 51

September 15, 202314m 42s

Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

In today's tale of pentest pwnage we talk about:

The importance of local admin and how access to even one server might mean instant, full control over their backup or virtualization infrastructure
Copying files via WinRM when copying over SMB is blocked:

$sess = New-PSSession -Computername SERVER-I-HAVE-LOCAL-ADMIN-ACCESS-ON -Credential *

...then provide your creds...and then:

copy-item c:\superimportantfile.doc -destination c:\my-local-hard-drive\superimportantfile.doc -fromsession $sess

If you come across PowerShell code that crafts a secure string credential, you may able to decrypt the password variable with:

[System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($MyVarIWantToDecryptGoesHere))

← All episodes of 7 Minute Security