"Relaying hashes from SQL" exercise isn't finished #2
Comments
Apparently https://github.com/CCob/lsarelayx is even easier, as it's a standalone executable and doesn't need a "real" C2 like Cobalt Strike to run it.
The lsarelayx looks awesome but it also seems like it has to be used in combo with ntlmrelayx - and I don't know if ntlmrelayx plays nice in Windows. I'll have to try that.
As an alternative, this standalone version of impacket binaries looked promising (https://github.com/ropnop/impacket_static_binaries) but I hit some issues at runtime (ropnop/impacket_static_binaries#8). Thinking out loud, I could have the dbadmin account have a slightly more crackable password and have folks get DA that way, but I'd REALLY like to PTH as that's more fun since students will have already done a few cracking exercises by the time they get to this point.
The section "relaying hashes from SQL" is now fully baked - both from a testing it out in real time perspective, as well as a curriculum perspective!
The curriculum itself needs to be written, and I can't seem to get Inveigh relay to work even if I follow guides like this one or this one.
Our pal Jeff McJunkin recommends trying out PortBender.