R4W Security

Bubble or not, the Bitcoin speculation have made us hear controversial statements from 'distinguished and fancy' people which assert that it will worth a million --->  John McAfee: $1mn by 2020 or I'll eat my D . As one of its consequences, attacks abusing server vulnerabilities for cryptomining are growing with the crypto currencies popularity as well. While taking my daily morning Twitter dose, I found a  Trend Micro blog  mentioning a couple of security issues of a NoSQL service which have been exploited by some "wannabe but not on my pc" Monero miners. The targeted service was the 'relaxing'  Apache CouchDB . CouchDB is an open source database software developed on Erlang which focuses on ease of use by using a NoSQL architecture and JSON  objects to store data. Deployed by default on port 5984 , the service allows their users to manage all the databases using Javascript as query language and HTTP as API, providing everything you need ...

Extracting what? One of the most tedious and long tasks a pentester has to do when assessing a company's domain, is the extraction of the NTDS.dit file, located ( usually ) in the Domain Controllers of the Active Directory . Retrieving the  hashes of all users from the  Active Directory is the first thing that a hacker ( well... I think ) should do after obtaining Domain Admin  privileges. Obtaining the  LM/NTLM hashes is crucial; it gives a huge list of possibilities to maintain access after an effective exploitation ( i.e. Golden Ticket, password cracking, pass-the hash, etc.) , and looks beautiful when is documented in a pentesting report ;) Common ways to dump hashes There are at least 3 well known ways of extracting the LM/NTLM hashes from Active Directory . Extracting the  NTDS.dit   file from a shadow copy using vssadmin , dumping the tables datatable and link_table with  esedbexport of esedebtools framework , and retrie...