Olivier Bilodeau
Otherwise long commands are timing out.
### Description
IDA Integration fails with some binaries throwing the following exception when trying to reach your first breakpoint:
```
pwndbg> b main
Breakpoint 1 at 0x120d
pwndbg> run
Starting...
```
Quick testcase with [pwntools](http://pwntools.com/) installed:
```
from pwn import *
sh = ssh('root', 'honeypot_devel', port=2222, password='root', timeout=2)
r = sh.run('bash')
r.recvline()
```
Client side stack trace:
```
SSHException Traceback (most...
```
Did some tests today. There would be a way to identify "valid" Net-NTLM hashes from invalid ones and highlight the difference in the logs (we should keep the bad ones...
Assigning milestone v1.2.0 but if it turns out to be complicated we will postpone it.
Read this: https://www.exandroid.dev/2021/06/23/ad-cs-relay-attack-practical-guide/ Can we use ADCS relay attacks to grab certificates that would be valid for RDP? This would enable greater reach in NLA-enabled environments.
Now that we can capture NetNTLM hashes (#367), someone from pentest told me that we should test downgrading to NetNTLMv1. This version is easier to crack and you can even...
Our current NTLM capture mode is disruptive if used during a pentest because a MITM-ed client will not be able to reach the intended server at all. The type of...
If we manage to crack the hash, we know we could MITM NLA because we could then create a new challenge-response on the server side. If I recall correctly the...