Upcoming Conferences: DerbyCon! (September 25-29th, 2013)

The security rockstars are at it again in Kentucky. This week DerbyCon 3 is being held in Louisville, and it looks like they have a great lineup: a ton of talks, tech tracks and parties.

They will even have a Zombie Apocalypse with proceeds going to Hackers for Charity.

How cool is that?

DerbyCon will run from Sept. 25th to the 29th:

Wednesday – Training starts at 9:00AM and ends at 5:00PM
Thursday – Training starts at 9:00AM and ends at 5:00PM
Friday – Opening ceremonies start at 8:30AM and the keynote starting at 9:00AM. Talks finish at 8:00PM
Saturday – Talks start at 9:00AM and end at 7:00PM
Sunday – Talks start at 9AM and end at 4PM

Event and Talk Schedule

I also hear that security guru and creator of the Social Engineering Toolkit (SET) David Kennedy will be live on Fox News tomorrow morning at 7:40 EST.

Check it out!

Recovering Plain Text Passwords with Metasploit and Mimikatz

I haven’t been posting as much recently, as I have been hard at work writing a new book on basic security testing with Kali Linux and other open source security tools. The bad thing is that it is taking up just about all of my free time. The good thing is that I am going over a lot of exceptional material that I don’t think I have posted here before.

So today I decided to post a sneak peek at the type of material that will be in the book.

Mimikatz, created by our friend Gentil Kiwi, is a great password recovery tool. It is able to recover passwords from several Windows processes in PLAIN TEXT.

Not too long ago a Mimikatz module was added to Metasploit, so recovering clear text passwords once you have a remote meterpreter shell is easier than ever.

So let’s check it out!

Clear Text Passwords with Mimikatz

We will start out with a post exploit scenario. Using Metasploit we already ran a successful exploit and now have an active remote meterpreter session.

Luckily our target user was running an administrator account, so we used the Bypass UAC module to bump our access up to System level. (Explained in the book.) That step matters: Mimikatz pulls the credentials out of the LSASS process, which a plain user-level session is not allowed to read.

Now we just need to load the mimikatz extension. It comes in 32 and 64 bit builds, and the one that gets loaded has to match the architecture of your Meterpreter session, so on 64-bit Windows migrate into a 64-bit process first, otherwise it cannot read the 64-bit LSASS process correctly. For this demo we will be using the 32 bit.

[Screenshot: Mimikatz 1]

  1. At the Meterpreter prompt, type “load mimikatz”.
  2. We will now have a mimikatz prompt. Type “help” for a list of available commands:

[Screenshot: Mimikatz 2]

The help is pretty self-explanatory; basically you type the command that corresponds to the credentials you want to recover. So for Kerberos just type “kerberos” at the Meterpreter prompt, or type “msv” to recover the hashes.

Using these commands you can recover user passwords from multiple system sources – Windows Login passwords, MS Live passwords, terminal server passwords, etc.

You can also use the “mimikatz_command” command to perform even more functions like retrieving stored certificates.

But for today we are just interested in passwords.

Recovering Hashes and Plain Text Passwords

  1. Type “msv”.

[Screenshot: Mimikatz 3]

And there you go – a list of the password hashes. We could grab a hash and try to crack it, or look it up in an online rainbow table, but what if we don’t have that kind of time?

It would be nice just to get the password in plain text.

Well… You can.

  1. Type “kerberos”.

[Screenshot: Mimikatz 4]

If you look at our user Ralf, you will see his password in plain text!

And that is it. Once we have a remote session with Metasploit, recovering clear text passwords with Mimikatz is just a few commands away.
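Once you are running this against more than one box, the “msv” and “kerberos” tables pile up quickly, and a plain text entry is only worth trusting if it actually reproduces the NTLM hash from the same logon session. The script below is an added example for this post, not code from Metasploit or Mimikatz: it merges the two tables per user, drops the noise from duplicate logon sessions, flags machine accounts, and verifies each plain text against its NTLM hash (MD4 over the UTF-16LE password) with a small pure-Python MD4, since hashlib’s MD4 is disabled on many builds. The column layout (AuthID, Package, Domain, User, Password) and the “lm{ .. }, ntlm{ .. }” notation are assumptions approximating what the extension prints, and both sample tables are constructed rather than captured.

```python
"""Merge the 'msv' (hash) and 'kerberos' (plain text) tables printed by the
Meterpreter mimikatz extension and cross-check plain text against NTLM.

Added example for this post; not Metasploit or Mimikatz code. Column layout
and the lm{..}/ntlm{..} notation are assumptions; both tables are constructed.
"""
import re
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MSV_OUTPUT = """\
AuthID    Package  Domain     User   Password
------    -------  ------     ----   --------
0;999     NTLM     WORKGROUP  WIN7$
0;123456  NTLM     WIN7       Ralf   lm{ aad3b435b51404eeaad3b435b51404ee }, ntlm{ 8846f7eaee8fb117ad06bdd830b7586c }
0;123789  NTLM     WIN7       Ralf   lm{ aad3b435b51404eeaad3b435b51404ee }, ntlm{ 8846f7eaee8fb117ad06bdd830b7586c }
"""

KERBEROS_OUTPUT = """\
AuthID    Package    Domain     User   Password
------    -------    ------     ----   --------
0;999     Negotiate  WORKGROUP  WIN7$
0;123456  Kerberos   WIN7       Ralf   password
0;123789  Kerberos   WIN7       Ralf   password
"""

ROW = re.compile(r"^(\d+;\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")  # header rows never match
NTLM = re.compile(r"ntlm\{\s*([0-9a-fA-F]{32})\s*\}")
EMPTY = {"", "(null)"}  # assumed markers for "nothing cached for this logon"


@dataclass
class Cred:
    domain: str
    user: str
    machine: bool  # computer accounts (WIN7$) are noise for password reuse
    ntlm: Optional[str] = None
    plaintext: Optional[str] = None


def parse_table(text: str) -> List[Tuple[str, str, str, str]]:
    """(package, domain, user, password_field) for every data row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.rstrip())
        if m:
            rows.append((m.group(2), m.group(3), m.group(4), m.group(5).strip()))
    return rows


def merge_credentials(msv_text: str, kerberos_text: str) -> Dict[Tuple[str, str], Cred]:
    """One Cred per (DOMAIN, user); duplicate logon sessions collapse together."""
    creds: Dict[Tuple[str, str], Cred] = {}

    def entry(domain: str, user: str) -> Cred:
        key = (domain.upper(), user)
        return creds.setdefault(key, Cred(key[0], user, user.endswith("$")))

    for _, domain, user, secret in parse_table(msv_text):
        cred, m = entry(domain, user), NTLM.search(secret)
        if m:
            cred.ntlm = m.group(1).lower()
    for _, domain, user, secret in parse_table(kerberos_text):
        cred = entry(domain, user)
        if secret not in EMPTY:
            cred.plaintext = secret
    return creds


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is disabled on many builds."""
    M = 0xFFFFFFFF
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & M
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    K3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(16):  # round 1
            a, b, c, d = d, rotl((a + F(b, c, d) + X[i]) & M, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):  # round 2
            a, b, c, d = d, rotl((a + G(b, c, d) + X[(i % 4) * 4 + i // 4] + 0x5A827999) & M, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):  # round 3
            a, b, c, d = d, rotl((a + H(b, c, d) + X[K3[i]] + 0x6ED9EBA1) & M, (3, 9, 11, 15)[i % 4]), b, c
        state = [(s + v) & M for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """The NTLM hash is MD4 over the UTF-16LE password, unsalted."""
    return md4(password.encode("utf-16le")).hex()


def cross_check(creds: Dict[Tuple[str, str], Cred]) -> Dict[Tuple[str, str], Optional[bool]]:
    """True when the plain text reproduces the NTLM hash, None if either is missing."""
    return {k: (nt_hash(c.plaintext) == c.ntlm if c.ntlm and c.plaintext else None)
            for k, c in creds.items()}
```

Run merge_credentials(MSV_OUTPUT, KERBEROS_OUTPUT) and feed the result to cross_check: Ralf comes back as a single entry with both the hash and the plain text, the cross-check is True, and the WIN7$ machine account is flagged with nothing usable. A False from cross_check means the plain text and the hash came from different logon sessions or the table was mis-parsed, and the password should not be reused until it has been re-verified.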

(As always do not try these techniques on networks that you do not own or do not have permission to do so. Doing so could get you into serious trouble and you could end up in jail.)


Disguised Raspberry Pi that can Hack your Network

I’ve been playing around with a Raspberry Pi on and off for a while now. The credit-card-sized, fully functional computer can do many things, including being transformed into a security testing tool!

There is a great article on TunnelsUp.com that demonstrates disguising a Raspberry Pi computer as a power plug and configuring it to connect out to a control server using SSH, basically turning it into something like the popular Pwn Plug device.

When assembled, the device looks like any other power adapter that clutters our power-hungry offices. Except this one allows someone outside the building to connect into the building, possibly allowing them to perform attacks against your infrastructure.

Though the author mentions just using “A Linux OS” on the Pi, placing Kali Linux on something like this would make it a very powerful (and affordable) attack/security testing platform. Kali is the successor to the BackTrack penetration testing distribution, is loaded with security tools and works exceptionally well on a Raspberry Pi.

Very cool project. This should jog the creative mind of penetration testers and hopefully serve as a warning to IT departments to keep an eye out for rogue devices like this.
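For the IT department side of that warning, one cheap check is to sweep the DHCP leases for hardware that should not be on the office network. The script below is an added example for this post, not code from the TunnelsUp article or the Pi project: it parses a dhcpd.leases-style file and flags clients whose MAC OUI belongs to Raspberry Pi Foundation / Raspberry Pi Trading registrations (B8:27:EB, DC:A6:32, E4:5F:01, from my own knowledge of the IEEE registry; keep the list current) or whose hostname is the default of a stock Raspbian or Kali image. The lease excerpt is constructed. A tester who sets a different MAC and hostname defeats this check entirely, so treat a hit as a lead for a physical walk-around, not as a verdict, and treat a clean result as no evidence at all.

```python
"""Flag Raspberry Pi hardware in a dhcpd.leases file by MAC OUI and hostname.

Added example for this post, not TunnelsUp or Raspberry Pi code. The OUI list
and default-hostname list are the author's assumptions and must be kept current;
the lease excerpt below is constructed.
"""
import re
from typing import Dict, List, Tuple

# Assumed: Raspberry Pi Foundation / Raspberry Pi Trading OUIs, lower-case.
PI_OUIS = {"b8:27:eb", "dc:a6:32", "e4:5f:01"}
# Assumed: hostnames announced by stock Raspbian and Kali images.
DEFAULT_IMAGE_HOSTNAMES = {"raspberrypi", "kali"}

# Constructed dhcpd.leases excerpt: one Pi, one laptop, one VM with a Kali hostname.
LEASES = """\
lease 10.0.0.23 {
  starts 3 2013/09/25 14:02:11;
  ends 3 2013/09/25 16:02:11;
  hardware ethernet b8:27:eb:12:34:56;
  client-hostname "raspberrypi";
}
lease 10.0.0.24 {
  starts 3 2013/09/25 14:05:40;
  ends 3 2013/09/25 16:05:40;
  hardware ethernet 00:1c:42:9a:bc:de;
  client-hostname "LAPTOP-FINANCE";
}
lease 10.0.0.25 {
  starts 3 2013/09/25 14:09:02;
  ends 3 2013/09/25 16:09:02;
  hardware ethernet 00:50:56:ab:cd:ef;
  client-hostname "kali";
}
"""

LEASE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});")
HOST = re.compile(r'client-hostname\s+"([^"]*)";')


def parse_leases(text: str) -> List[Dict[str, str]]:
    """One dict per lease block: ip, mac (lower-case), hostname ('' if absent)."""
    leases = []
    for ip, body in LEASE.findall(text):
        mac, host = MAC.search(body), HOST.search(body)
        leases.append({
            "ip": ip,
            "mac": mac.group(1).lower() if mac else "",
            "hostname": host.group(1) if host else "",
        })
    return leases


def oui(mac: str) -> str:
    """First three octets of a colon-separated MAC, e.g. 'b8:27:eb'."""
    return mac[:8].lower()


def flag_rogue_candidates(leases: List[Dict[str, str]]) -> List[Tuple[str, str, List[str]]]:
    """(ip, mac, reasons) for every lease that trips at least one indicator."""
    hits = []
    for lease in leases:
        reasons = []
        if oui(lease["mac"]) in PI_OUIS:
            reasons.append("Raspberry Pi OUI")
        if lease["hostname"].lower() in DEFAULT_IMAGE_HOSTNAMES:
            reasons.append("default image hostname")
        if reasons:
            hits.append((lease["ip"], lease["mac"], reasons))
    return hits


if __name__ == "__main__":
    for ip, mac, reasons in flag_rogue_candidates(parse_leases(LEASES)):
        print(f"{ip:<12} {mac}  {', '.join(reasons)}")
```

Point it at a real leases file by replacing LEASES with the file contents; the same two functions work unchanged on an ARP table once you adapt the regexes. Pairing the OUI match with switch port location (via your wired 802.1X or port-security logs) is what turns a lead into a device you can go and unplug.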

Israeli Cyber Defense Interview

IDF cyber defense war room [Illustrative]. Photo: Reuters and Marc Israel Sellem

Not sure if anyone has seen this yet, but Al-Monitor/Israel Pulse has a great interview with two members of the Israel Defense Forces (IDF) cyber security team.

In the article, “IDF Hackers Test Israeli Preparedness For Cyberattacks” Lt. Col M. and Capt. A. discuss what it is like being on Israel’s crack team of cyber ninjas. They cover several key topics including thoughts on current threats and the current hot button topic, NSA spying.

Lt. Col M. and Capt. A. lead opposing teams in red team drills. They practice constantly to hone and perfect their skills, but also teach and train those under them to think out of the box in cyber security.

How will the IDF cyber team deal with increasingly sophisticated attacks from Islamic countries and are they concerned about NSA espionage practices?

“Our job is to monitor the goings-on and keep track of the technological developments, and we need to know what the threats and risks in cyberspace are. In any event, to protect strategic assets, encryption systems that we develop ourselves in-house, rather than off-the-shelf products, are customarily used,” said Lt. Col M.

The best hackers and security teams create their own programs and work on developing their own exploits. But where would the IDF look to find exploits or weaknesses?

“Security holes can be found anywhere. The point of hacking is to find the system vulnerability and leverage it to undermine the entire system,” says Lt. Col. M.

“The best way to break into a system is not by running head-on into it. Rather, the most sophisticated attacks, the ones that you can brag about, are those that take advantage of a hidden security hole,” added Capt. A.

It is a very good article and well worth the read as it offers a glance into the security mindset of our Middle East allies.

Check it out!