Last year, I wrote a short blog post about tools I had added to my pentesting toolbox. I’ve decided to make this type of article a yearly tradition. In this post, I highlight some of the useful tools I’ve started to use this past year.

Domain Password Audit Tool

First, I will shamelessly promote a tool I wrote myself that generates password usage statistics for an Active Directory domain.

Just how many people are using that weak password of “Winter2017” or “Password1”? Are your domain admins using the same password between their low-privileged and high-privileged accounts? Are the easily cracked LM hashes being stored on your domain controller?

Now you can find out with the Domain Password Audit Tool (DPAT). Check out a full demo video here:

File Metadata Extraction with PowerMeta

Files such as MS Word files and PDF files contain information (metadata) about who created the file. This information is generally set automatically by the operating system. Documents posted on a company’s website are often created by employees of that company. Inspecting the metadata of these files can give you valuable insight into the username format and possibly even the internal Active Directory domain name.

PowerMeta by Beau Bullock is a PowerShell script that will locate and download documents posted on a given domain and report on the metadata each contains. A username list proves useful in password spraying attacks used to gain an initial foothold into a network.
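The metadata PowerMeta reports on is not hidden: a .docx is a zip archive and the author fields sit in `docProps/core.xml` as plain XML, which is also why it is worth checking your own documents for this before they are published. The following is an added example for this post, not PowerMeta's code. It builds three constructed .docx files in memory (the names in them are made up), pulls the `dc:creator` and `cp:lastModifiedBy` values from each, and summarizes which naming conventions and domain names the set of documents would reveal.

```python
"""Read author metadata from Office Open XML (.docx) files.

Added example, not PowerMeta's code. A .docx is a zip archive whose authoring
metadata lives in docProps/core.xml. The documents below are constructed in
memory so the script runs offline; all names and domains in them are made up.
"""
import io
import re
import zipfile
from collections import Counter
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}


def make_docx(creator, last_modified_by):
    """Build a minimal .docx containing only a core.xml part (constructed input)."""
    core = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">'
        "<dc:creator>{creator}</dc:creator>"
        "<cp:lastModifiedBy>{lmb}</cp:lastModifiedBy>"
        "</cp:coreProperties>"
    ).format(cp=NS["cp"], dc=NS["dc"], creator=creator, lmb=last_modified_by)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
    return buf.getvalue()


def extract_authors(docx_bytes):
    """Return the creator and lastModifiedBy values; files without core.xml yield []."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if "docProps/core.xml" not in zf.namelist():
            return []
        root = ET.fromstring(zf.read("docProps/core.xml"))
    values = []
    for tag in ("dc:creator", "cp:lastModifiedBy"):
        el = root.find(tag, NS)
        if el is not None and el.text and el.text.strip():
            values.append(el.text.strip())
    return values


def classify(name):
    """Label the naming convention an author value follows."""
    if re.fullmatch(r"[^\\\s]+\\[^\\\s]+", name):
        return "DOMAIN\\user"
    if re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name):
        return "email"
    if re.fullmatch(r"[A-Za-z]+\.[A-Za-z]+", name):
        return "first.last"
    if " " in name:
        return "display name"
    return "single token"


def summarize(docs):
    """Aggregate naming conventions and domain names exposed across a set of documents."""
    conventions = Counter()
    domains = set()
    for doc in docs:
        for value in extract_authors(doc):
            kind = classify(value)
            conventions[kind] += 1
            if kind == "DOMAIN\\user":
                domains.add(value.split("\\", 1)[0])   # internal AD domain NetBIOS name
            elif kind == "email":
                domains.add(value.split("@", 1)[1])    # mail domain
    return conventions, domains


# Constructed sample documents standing in for files found on a public web site.
DOCS = [
    make_docx("jsmith", "CORP\\jsmith"),
    make_docx("Jane Doe", "jane.doe"),
    make_docx("rjones@example.com", "rjones"),
]

if __name__ == "__main__":
    conventions, domains = summarize(DOCS)
    print("naming conventions:", dict(conventions))
    print("domains exposed:", sorted(domains))
```

Only core.xml is read here; real documents also carry `docProps/app.xml` (application and company fields) and, for PDFs, an Info dictionary, which a full audit would inspect as well.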

Malicious Outlook Rules and Forms

Just how could you get a foothold on an internal network when you only have credentials to an external resource?

Perhaps you have credentials to access a user’s Outlook Web Access account (web mail). You could generate a malicious Outlook rule or form to gain code execution on a client machine. The rule is (Read more...)