Monday, August 31, 2020

Can I count on you?

We have two big things to get done this November, but with your help, we will be able to accomplish them. Can I count on you to phone bank with me?

Jason,

We're trying to do two big things that haven't been done in a long time.

1. Win a Democratic majority in the Texas House (last time that happened was in 2000).
2. Win Texas' electoral college votes for the Democratic nominee for President (last time that happened was in 1976).

They're both important.

Win the State House, and we can begin to dismantle the infrastructure of voter suppression and have a seat at the table for redistricting in 2021.

Win the 38 electoral college votes and it's game over for Trump and Trumpism — and the electoral landscape of this country is forever changed to our advantage.

If either of these things were easy, or simply a matter of money, we'd have achieved them by now.

But when you're up against decades of Republican control, generations of voter suppression and the inertia of a national party that looks at your state more like an ATM than a battlefield — nothing about this comes easy.

As important as this work is, as big as the payoff will be, as much as we need the help, when you're campaigning in Texas you quickly come to realize that there is no cavalry, no one is going to ride to the rescue and save the day.

That's up to us. We are the cavalry. And it's the tough, grinding work of registering and reaching out to voters — one at a time — that Powered by People is doing that will help us win these elections.

We could use you in this cavalry. 

Upcoming events:

Virtual Phone Bank with local candidates and Beto
Wednesday, September 2, 6:30 pm CT

Get more info or RSVP »

Even if you have never volunteered before, or have been too busy until now, this is the time to sign up. And I'm not asking you to do anything I won't be doing. I'll be on every one of these phone banks to Texas voters, right next to you.

When you are trying to take back the Texas House and turn the biggest battleground state, every vote will matter, every registration will matter, and everyone is needed to make this happen.

So, can I count on you?

Beto

Sunday, August 30, 2020

Thousand Ways To Backdoor A Windows Domain (Forest)

When the Kerberos elevation-of-privilege vulnerability (CVE-2014-6324 / MS14-068) was made public, the remediation paragraph of the following blog post made some waves:
http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx

"The only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain."

Personally, I agree with this, but whether it is a realistic solution, I'm not sure. The same applies to compromised computers. When it has been established that malware was able to run on a computer (e.g. a scheduled scan found the malware), there is no easy way to determine with 100% certainty that no rootkit remains on it. Rebuilding the computer is therefore worth considering. For the paranoid: use new hardware ;)

But rebuilding a single workstation and rebuilding a whole domain is not on the same complexity level. Rebuilding a domain can take weeks or months (or years, which will never happen, as the business will close before that).

There are countless documented methods to backdoor a computer, but I have never seen a post where someone collects all the methods to backdoor a domain. In the following, I will refer to domain admin, but in reality, I mean Domain Admins, Enterprise Admins, and Schema Admins.


Ways to backdoor a domain

So here you go, an incomplete list of ways to backdoor a domain:

  • Create a new domain admin user. Easy to do, easy to detect, easy to remediate.
  • Dump password hashes. The attacker can either crack them or just pass the hash. Since KB2871997, pass-the-hash might be trickier (https://technet.microsoft.com/library/security/2871997), but not impossible. Easy to do, hard to detect, hard to remediate - just think about service account passwords. During remediation, consider all passwords compromised, even strong ones.
  • Logon scripts - modify the logon scripts and add something malicious to them. Almost anything detailed in this post can be added :D
  • Use an already existing account and add domain admin privileges to it. Reset its password. Mess with current group memberships - e.g. http://www.exploit-db.com/papers/17167/
  • Backdoor any workstation where domain admins log in. While remediating workstations, don't forget to clean the roaming profile. The backdoor can take different forms: malware, local admin, password (hidden admin with RID 500), sticky keys, etc.
  • Backdoor any domain controller. For advanced attacks, see Skeleton Key.
  • Backdoor files on network shares commonly used by domain admins by adding malware to commonly used executables - Backdoor Factory.
  • Change ownership/permissions on AD partitions - if you have particular details on how to do this specifically, please comment.
  • Create a new domain user and hide its admin privileges with SID history. Easy to do, hard to detect, easy to remediate - check Mimikatz experimental for addsid.
  • Golden tickets - easy to do, hard to detect, medium remediation.
  • Silver tickets - easy to do, hard to detect, medium/hard remediation.
  • Backdoor workstations/servers via group policy:
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce,
    • scheduled tasks (run the task 2 years later),
    • sticky keys with a debugger.
  • Backdoor the patch management tool, see slides here.
[Update 2017.01.10]
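From the defender's side, the first item of the list (a new account that immediately becomes domain admin) and the SID-history item leave traces in the Security log. The following Python is an added example, not code from the original post: it correlates the standard Windows event IDs 4720 (account created), 4728/4756 (member added to a global/universal group) and 4765 (SID History added). The pipe-delimited log format and the log lines themselves are constructed sample data.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed event shape: time | event_id | subject (who did it) | target | detail
Event = namedtuple("Event", "time event_id subject target detail")

# Groups the post treats as "domain admin": Domain Admins is a global group
# (event 4728), Enterprise/Schema Admins are universal groups (event 4756).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins"}
GROUP_ADD_EVENTS = {4728, 4756}   # member added to global / universal group
NEW_ACCOUNT = 4720                # a user account was created
SID_HISTORY_ADDED = 4765          # SID History was added to an account


def parse_line(line):
    """Parse one pipe-delimited line of the constructed log format."""
    t, eid, subject, target, detail = line.split("|")
    return Event(datetime.fromisoformat(t), int(eid), subject, target, detail)


def detect_backdoors(lines, window=timedelta(hours=1)):
    """Return (alert_type, target, detail, subject) tuples in time order.

    Alerts: any addition to a privileged group; a brand-new account that is
    added to such a group within `window` of its creation (the "create a new
    domain admin user" backdoor); and any SID History write (the hidden-admin
    via SID history backdoor).
    """
    events = sorted((parse_line(l) for l in lines), key=lambda e: e.time)
    created = {}   # target account -> creation time
    alerts = []
    for e in events:
        if e.event_id == NEW_ACCOUNT:
            created[e.target] = e.time
        elif e.event_id in GROUP_ADD_EVENTS and e.detail in PRIVILEGED_GROUPS:
            alerts.append(("privileged_group_add", e.target, e.detail, e.subject))
            if e.target in created and e.time - created[e.target] <= window:
                alerts.append(("new_account_to_admin", e.target, e.detail, e.subject))
        elif e.event_id == SID_HISTORY_ADDED:
            alerts.append(("sid_history_added", e.target, e.detail, e.subject))
    return alerts


# Constructed sample log (not a real capture). The SID is a made-up value;
# only its -512 RID (Domain Admins) is meaningful.
SAMPLE_LOG = [
    "2020-08-30T09:00:00|4720|CORP\\admin.jane|CORP\\svc-backup2|",
    "2020-08-30T09:05:00|4728|CORP\\admin.jane|CORP\\svc-backup2|Domain Admins",
    "2020-08-30T11:00:00|4728|CORP\\admin.bob|CORP\\helpdesk1|Helpdesk",
    "2020-08-30T12:00:00|4765|CORP\\admin.jane|CORP\\user17|S-1-5-21-1111-2222-3333-512",
    "2020-08-30T15:00:00|4756|CORP\\admin.bob|CORP\\jdoe|Schema Admins",
]

if __name__ == "__main__":
    for alert in detect_backdoors(SAMPLE_LOG):
        print(alert)
```

Adding a privileged group is noisy but legitimate in most environments; the "new account to admin within an hour" and SID History alerts are the ones that deserve an immediate look.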


Other tricks

The following list does not fit in the previous "instant admin" tips, but it can still make the attacker's life easier if their primary foothold has been disabled:

  • Backdoor recent backups - and when the backdoor is needed, destroy the files, so the files will be restored from the backdoored backup
  • Backdoor the Exchange server - get a copy of emails
  • Backdoor workstation/server golden image
  • Change permission of logon scripts to allow modification later
  • Place malicious symlinks to file shares, collect hashes via SMB auth tries on specified IP address, grab password hashes later
  • Backdoor remote admin management e.g. HP iLO - e.g. create new user or steal current password
  • Backdoor files e.g. on shares to use in SMB relay
  • Backdoor source code of in-house-developed software
  • Use any type of sniffed or reused passwords in new attacks, e.g. network admin, firewall admin, VPN admin, AV admin, etc.
  • Change the content of the proxy PAC file (change the browser configuration if necessary), including special exception(s) for chosen domain(s) to use a proxy on a malicious IP. Redirect the traffic, enforce authentication, grab password hashes, ???, profit.
  • Create high privileged users in applications running with high privileges, e.g. MSSQL, Tomcat, and own the machine, impersonate users, grab their credentials, etc. The typical pentest path made easy.
  • Remove patches from servers, change patch policy not to install those patches.
  • Steal Windows root/intermediate CA keys
  • Weaken AD security by changing group policy (e.g. re-enabling LM-hashes)
Update [2015-09-27]: I found this great presentation from Jakob Heidelberg. It mentions (at least) the following techniques, which are worth checking:
  • Microsoft Local Administrator Password Solution
  • Enroll virtual smart card certificates for domain admins

Forensics

If you have been chosen to remediate a network where attackers gained domain admin privileges, well, you have a lot of things to look for :)

I can recommend two tools which can help you during your investigation:

Lessons learned

But guess what, not all of these problems are solved by rebuilding the AD. One has to rebuild all the computers from scratch as well, which seems quite impossible. When someone creates a new AD, it is impossible not to migrate some configuration/data/files from the old domain. And whenever this happens, there is a risk that the new AD will be backdoored as well.

OK, we are doomed, but what can we do? I recommend proper log analysis: analyze trends and detect strange patterns in your network. Better to spend money on these than on a domain rebuild. And when you find something, do a proper incident response. And good luck!

PS: Thanks to Andrew, EQ, and Tileo for adding new ideas to this post.

Check out the host backdooring post as well! :)

Have you signed up to flip Texas blue yet?

This week we're kicking off our first round of phone banks with some amazing Texas state house candidates. You won't want to miss this opportunity to support Democrats up and down the ballot!

Powered By People

Jason,

If you've been waiting for your chance to hop in and get involved this election, but have been waiting for the right moment, let's be clear: The right moment is now! 

Tomorrow, we're kicking off phone banks with amazing state house candidates from around Texas. Our goal is to make sure voters across our great state know the names of every Democrat on their ballot, from the presidential ticket all the way down to the state house, so no Texan is confused about which candidates are fighting for us — for all of us. Will you join us and make calls this week, Jason?

Upcoming events:

Virtual Phone Bank with local candidates and Beto
Monday, August 31, 6:30 pm CT

Get more info or RSVP »

Virtual Phone Bank with local candidates and Beto
Wednesday, September 2, 6:30 pm CT

Get more info or RSVP »

We're not going into November with anything left on the table. Are you?

See you on the dialer,
Powered by People

Linux Command Line Hackery Series - Part 5
Welcome back to the Linux Command Line Hackery series, this is Part V of the series. Today we are going to learn how to monitor and control processes on our Linux box, so roll up your sleeves and let's get started.

Command: ps
Syntax: ps [options]
Description: ps displays information about the currently running processes. Some of the common flags of ps are described briefly below.
Flags:
  -A or -e -> select all processes
  -a -> select all processes except session leaders and processes not associated with a terminal
  T -> select all processes associated with the current terminal
  -u <username or id> -> select all processes of a given user or user list

Open up a terminal and type ps:

ps

What you'll see is a list of the processes currently running in your terminal. One important thing to notice in the output is the column called PID, which stands for process ID. It is the number that uniquely identifies a process. Keep the PID concept in mind, we'll use it soon.

OK, I know that's not really what you want to see; rather, you want to see all the processes currently running on your box. Don't worry, flags come to the rescue: to see all the processes you can use the -e flag like this:

ps -e

Boom! You get a long list of processes currently running on your machine (don't stare at me like that, you asked and I gave you that). If you want to see the processes of a particular user, you can type the following command in your terminal:

ps -u bob

Here "bob" is a username. This command will list all processes whose effective user name is bob.

You can do a full-format listing of the processes using the -f flag like this:

ps -fu bob

But the output of the ps command is a snapshot, not a live view of what is going on in your box. I know your next question is going to be something like: isn't there a command in Linux that gives me live, updating information about the processes? Yes, there is a command called top, which we'll learn about next.

Command: top
Syntax: top [options]
Description: top gives a dynamic real-time view of a running system. That is, it gives up-to-date information about all the processes running on your Linux box (sounds fun!). Besides giving information about current processes and threads, top also provides a brief system summary.

To start top just type this command:

top

and you'll get a nice and cute looking ugly display :). Well, what the heck is going on here, you might ask, right? What you get is information about what is going on with your computer. To see what more you can do with top, just type <h> within the program window and you'll be given a list of options that you can play with.

OK, looking at what processes are running on your box is cool, but what if you want to terminate (or close) a process, is there a command line utility for that? Yes, there is, and that's what we are going to look at next.

Command: kill
Syntax: kill [options] <pid> [...]
Description: kill is used to send a signal to a process. By default this is the TERM signal, meaning kill by default asks the process to terminate (cruel guy). To list the available signals we can use the -l or -L flag of the kill command.


To simply terminate a process we give the kill command a PID (process ID) and it will send the TERM signal to that process. So to kill a process, first we list the running processes and note the PID of the process we want to terminate. After that we issue the kill command with the PID we just found.

ps -ax
kill 1153

The above command will send a TERM signal to the process whose PID is 1153, as simple as that.

We can also use our already learned skills to refine the output of the ps command. Say we have an xterm running on our box and we want to terminate it. Using ps alone we'll get a long listing of all processes running on our box. But we can limit the output of ps to just those processes we're interested in by piping the ps command into the grep command like this:

ps -ax | grep xterm

Wow! That's amazing, we're able to pull out only those lines from the ps output that contain xterm. Isn't that a cool trick? But what is that vertical bar ( | ) doing in the middle, you may be thinking, right? Remember we learned about the input and output redirectors previously; the vertical bar (a pipe, in geeky terms) is another redirector whose task is to feed the output of one command as input to another command. Here the pipe redirects the output of ps -ax into grep, and of course from the previous article you know that grep is used to search for a PATTERN in the given input. That means the above command searches for the word xterm in the output of ps -ax and then displays just those lines of the ps -ax output which contain xterm. Now get that PID and kill that process.

That's it for today, try these commands up on your own box and remember practice is gonna make you master the Linux command line. :)
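To show what ps, grep and kill are doing under the hood, here is an added example (not part of the original series) in Python: it lists processes by reading /proc/<pid>/status the way ps does, filters them by command name like `ps -ax | grep NAME`, and terminates a process the way `kill PID` does, sending TERM first and escalating to KILL only if the process ignores it. It assumes a Linux system with /proc and the `sleep` command available for the demo.

```python
import os
import signal
import subprocess
import time
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid name uid")

def list_processes():
    """Like `ps -e`: one Proc per numeric /proc entry, read from /proc/<pid>/status."""
    procs = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/status") as fh:
                fields = dict(line.split(":", 1) for line in fh if ":" in line)
        except (FileNotFoundError, ProcessLookupError, PermissionError):
            continue  # the process exited mid-read or is not readable
        procs.append(Proc(int(entry), int(fields["PPid"]),
                          fields["Name"].strip(), int(fields["Uid"].split()[0])))
    return procs

def find_by_name(name):
    """Like `ps -ax | grep NAME`, but matching only the command name, so the
    grep process itself never shows up in the result."""
    return [p for p in list_processes() if name in p.name]

def current_process():
    """The Proc entry for this interpreter (useful for a self-check)."""
    return next((p for p in list_processes() if p.pid == os.getpid()), None)

def terminate(pid, grace=2.0):
    """Plain `kill PID` sends TERM; if the process is still alive after `grace`
    seconds, escalate to KILL. Returns the signal number that ended it, or
    None if no such process existed."""
    try:
        os.kill(pid, signal.SIGTERM)
    except ProcessLookupError:
        return None
    deadline = time.monotonic() + grace
    while time.monotonic() < deadline:
        try:
            os.waitpid(pid, os.WNOHANG)   # reap it if it is our own child
        except ChildProcessError:
            pass                           # not our child; its parent reaps it
        try:
            os.kill(pid, 0)                # signal 0 only tests for existence
        except ProcessLookupError:
            return int(signal.SIGTERM)
        time.sleep(0.05)
    try:
        os.kill(pid, signal.SIGKILL)
    except ProcessLookupError:
        return int(signal.SIGTERM)
    return int(signal.SIGKILL)

def demo():
    """Spawn a harmless `sleep`, locate it as `ps -ax | grep sleep` would, kill it."""
    child = subprocess.Popen(["sleep", "30"])
    if child.pid not in [p.pid for p in find_by_name("sleep")]:
        return None
    return terminate(child.pid)

if __name__ == "__main__":
    print("demo ended sleep with signal", demo())
```

Note that grep on `ps` output also matches the grep command line itself, which is why `ps -ax | grep xterm` usually shows one extra line; matching on the command name from /proc avoids that.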


QakBot Banking Trojan Returned With New Sneaky Tricks To Steal Your Money

A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve to target government, military, and manufacturing sectors in the US and Europe, according to new research. In an analysis released by Check Point Research today, the latest wave of Qbot activity appears to have dovetailed with the return of

via The Hacker News
