ropnop blog
  • Posts
  • Conference Talks
  • Tags
  • Series
ropnop blog

windows

Hosting the CLR and executing .NET assemblies from Go

 Posted on March 15, 2020  |  ropnop

Write up of my journey figuring out how to host the CLR and execute .NET assemblies from memory in pure Go. [Read More]
golang  windows  .net  clr 

Docker for Pentesters

 Posted on July 18, 2019  |  ropnop

Docker has become such an integral part of my worfklow recently. These examples should demonstrate how Docker can help you be a more efficient pentester [Read More]
docker  pentest  impacket  linux  smb  windows 

Extracting SSH Private Keys From Windows 10 ssh-agent

 Posted on May 20, 2018  |  ropnop

The newest Windows 10 update includes OpenSSH utilities, including ssh-agent. Here's how to extract unencrypted saved private keys from the registry [Read More]
windows  ssh  powershell  openssh  rsa  pentest 

Remotely Managing Hyper-V in a Workgroup Environment

 Posted on August 1, 2017  |  ropnop

After lots of mucking around, this is the bare minimum configuration I found to successfully connect to and mange Hyper-V in a non-domain network [Read More]
windows  winrm  powershell  hyperv  credssp 

Extracting Hashes and Domain Info From ntds.dit

 Posted on July 6, 2017  |  ropnop

If you end up with a copy of NTDS.dit and the SYSTEM registry hive, you can extract domain computer info offline and user NTLM hashes for cracking. [Read More]
windows  python  hash  ntds  impacket 

Transferring Files from Linux to Windows (post-exploitation)

 Posted on July 1, 2016  |  ropnop

I often need to copy a tool or a payload from my Kali linux attack box to a compromised Windows machine. These are some of my favorite techniques. [Read More]
windows  kali  impacket  smb  metasploit 

Practical Usage of NTLM Hashes

 Posted on June 5, 2016  |  ropnop

I've shown all the different ways to own a Windows environment when you have a password - but having a hash is just as good! Don't bother cracking - PTH! [Read More]
pth  mimikatz  windows  linux  impacket  crackmapexec 

Using Credentials to Own Windows Boxes - Part 3 (WMI and WinRM)

 Posted on April 27, 2016  |  ropnop

WMI and WinRM are two Windows administrative "features" that are ripe for abuse if you have credentials. In this post, I'll show how to (mis)use them... [Read More]
windows  shell  pentest  wmi  winrm  powershell 
Using Credentials to Own Windows Boxes 

Using Credentials to Own Windows Boxes - Part 2 (PSExec and Services)

 Posted on April 20, 2016  |  ropnop

Pentesters use PsExec style commands all the time, and in this post I'm going to explore and manually recreate the technique using native Windows tools. [Read More]
windows  shell  impacket  penest  psexec  smb 
Using Credentials to Own Windows Boxes 

Using Credentials to Own Windows Boxes - Part 1 (from Kali)

 Posted on April 16, 2016  |  ropnop

Du'h...if you have admin creds you can own a box. But how many different ways can you do it? Here's a blog-ified version of my notes and my favorite methods [Read More]
kali  windows  impacket  metasploit  shell 
Using Credentials to Own Windows Boxes 

ropnop  • © 2020  •  ropnop blog

Hugo v0.63.2 powered  • Modified theme based on Beautiful Hugo