s0i37 comments

Results 64 comments of


                                            s0i37

ntlmrelayx SMB to LDAP remove-mic and CVE-2019-1040

Unfortunately I cant provide packet capture by security reason. Probably you can understand the reason by pictures. ![1-printerbug](https://user-images.githubusercontent.com/22872513/146571469-027ae03a-a08e-453f-8fcc-8b11dff749f0.png) ![2-smb](https://user-images.githubusercontent.com/22872513/146571603-46684685-80b5-47f4-8812-b0cd0f76924a.png) ![3-ldap](https://user-images.githubusercontent.com/22872513/146571617-e5e4cf0c-be87-4ecc-9af5-6254968d8749.png)

[dacledit] New example script for DACL manipulation

BTW, ACL read/edit is already implemented in `msldap`. Also `winacl` is a good python library for parsing any ACL. For example https://github.com/skelsec/msldap/issues/22

rtorrent crashes on starting

According `https://github.com/rakshasa/rtorrent/search?q=load_start` `load_start` -> `load.start`

aireplay --fakeauth WPA -> M3

BTW We can use many wpa_supplicant for the same `wlan0` for many threads of online bruteforce. And some AP allow to check a few passwords per second.

aireplay --fakeauth WPA -> PMKID

``` hcxdumptool -i mon0 -c 1,6,11 --enable_status=15 -o pmkid.pcapng tcpdump -r pmkid.pcapng -nn -w pmkid.pcap aircrack-ng pmkid.pcap -w wordlist.txt ```

wpaclean doesn't clean half-handshakes

My pcap file has m1m2 (wrong pass) and m1m2m3(valid pass), obviously I cant brute it without cleaning: ``` hcxpcapngtool m1m2_m1m2m3.pcap -o eapol.txt --all hcxhashtool -i eapol.txt --authorized -o eapol_valid.txt hcxhash2cap...

Force PMKID bruteforce

For example I connect to AP with any (wrong) password. We have the following: ``` M1 - PMKID with right hash M2 - my entered wrong password hash ``` If...

ntlmrelayx SMB to LDAP remove-mic and CVE-2019-1040

Probably it was NetNTLMv1?

Error building Cutter with python support

I will try near future

vars/args values popups when mouse over

ping