Found an RCE in an open/unauthenticated RServe service today.
If you come across an open TCP/6311 service that answers an HTTP request with something like "Rsrv0103QAP1"
..here's how to get Code Exec.
gist.github.com/csandker/c92…
Published another old(er) blog post:
A Windows Authorization Guide
csandker.io/2018/06/14/AWind…
This one covers the Windows Authorization process In and Out, from Basic Access checks to Primary & Impersonation Tokens...
Including this tricky PtH question (see screenshot below):
Grab a coffee and settle in for our German language webinar at 10.30am (UTC+2). Our Lead Security Consultant @0xcsandker will tell you all about how our clients prepare for cyber attacks and how you can train your own team.
Last minute registration?
ow.ly/ShGJ50ztW5E
Our Lead Security Consultant @0xcsandker will speak in our webinar on May 7 about how combinations of classic penetration tests, red teaming and response services can help to train for security incidents.
ow.ly/AJMq50zqpw2
Spent the last few idle isolation days building a PlayBook application that can be self-hosted and integrates into existing knowledge bases.
All based on MD. Copy+Paste Images, Upload content from various sources and more...
Check it out:
github.com/csandker/Playbook…
Spent some hours getting my head around Kerberos Delegation, here are some references that some might find useful.
PS Snippets here: gist.github.com/csandker/a41…
Shoutout to @elad_shamir @harmj0y @tifkin_, thanks for your great public resources on this!