Identify Compromises Within Your Organization

Introduction

Information Profiling is one of the most important steps in any penetration test. Consultants should investigate all publicly available information about their client before testing starts. This includes checking whether the client's domain or email addresses have been compromised. Several services exist to assist with this, such as Have I Been Pwned (HIBP). Most of these services are also nice enough to provide an API, and while we love using them, we don't like entering one email or domain at a time, so Pastepwnd was born. Pastepwnd is a Python-based script that recursively looks up emails or domains against the HIBP and Hacked Emails APIs to help identify compromises. If any compromises are identified, Pastepwnd writes the data to an HTML file with links to the Pastebin paste that contains the compromise and a cached version in case the paste has already been removed.

Demo

Pastepwnd can be found in our GitHub repository at https://github.com/leapsecurity/Pastepwnd. Open a terminal and clone the repository using git clone https://github.com/leapsecurity/Pastepwnd.git. Once you have the repository on your system, install the requests dependency needed to run the script. This is easily done with pip and the requirements.txt file we included in the directory, using the following command: pip install -r requirements.txt. Now you should be able to run it without any issues.

[Image: pastepwnd help menu]

The help menu describes the program well: users can give pastepwnd a file with multiple emails or domains to check for compromises, but for the purposes of this demo we will quickly check the foo@bar.com email for compromises, as shown below.

[Image: checking email for compromises]

As shown in the image above, Pastepwnd produces an HTML file with the results. Open it with your favorite browser to see the results in table output along with links to the pastes.
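The batch workflow described above, as an added example that is not Pastepwnd's own code: it de-duplicates a target list, runs each entry through a lookup function, and renders the hits as an HTML table, escaping paste titles because they are text written by whoever posted the dump. The lookup is a hypothetical offline stand-in fed with constructed records; the field names (Source, Id, Title, Date) follow the HIBP paste model, and all function names are assumptions.

```python
import html
from urllib.parse import quote

# Constructed sample records standing in for a live API response (values are made up).
# Field names follow the HIBP paste model; Title and Date can be null there.
SAMPLE_PASTES = {
    "foo@bar.com": [
        {"Source": "Pastebin", "Id": "AbCd1234",
         "Title": "<script>alert(1)</script> dump", "Date": "2017-01-01T00:00:00Z"},
        {"Source": "Pastie", "Id": "9876543", "Title": None, "Date": None},
    ],
}

def lookup_sample(target):
    """Hypothetical offline lookup; swap in a real API client here."""
    return SAMPLE_PASTES.get(target, [])

def load_targets(lines):
    """Strip, lowercase and de-duplicate targets; skip blanks and # comments."""
    seen, targets = set(), []
    for line in lines:
        target = line.strip().lower()
        if target and not target.startswith("#") and target not in seen:
            seen.add(target)
            targets.append(target)
    return targets

def paste_link(paste):
    """Link Pastebin entries; other sources are shown as escaped text only."""
    paste_id = html.escape(paste["Id"])
    if paste["Source"] != "Pastebin":
        return paste_id
    url = "https://pastebin.com/" + quote(paste["Id"], safe="")
    return '<a href="{}">{}</a>'.format(html.escape(url), paste_id)

def build_report(targets, lookup):
    """Render one table row per paste, escaping every untrusted value."""
    rows = ["<tr><th>Target</th><th>Title</th><th>Date</th><th>Paste</th></tr>"]
    for target in targets:
        for paste in lookup(target):
            cells = [html.escape(target),
                     html.escape(paste["Title"] or "(untitled)"),
                     html.escape(paste["Date"] or "unknown"),
                     paste_link(paste)]
            rows.append("<tr>" + "".join("<td>%s</td>" % c for c in cells) + "</tr>")
    return "<table>\n" + "\n".join(rows) + "\n</table>"

if __name__ == "__main__":
    found = load_targets(["foo@bar.com\n", " FOO@bar.com ", "# comment", "clean@example.org"])
    print(build_report(found, lookup_sample))
```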
[Image: html output]

Conclusion

Pastepwnd was created to assist with Information Profiling, but also with blue teaming and end users in mind. This tool checks organizations to ensure that no information about potential compromises has been published or made publicly available.
--
Leap Security is the trusted, dependable, and authoritative source for Information Security services. Leap Security prides itself on providing honest, tailored cyber security solutions that ensure every organization’s needs are met. Headquartered in South Florida, Leap Security travels and has resources across the nation to help secure environments. Security is not a product, but a step-by-step process. Take a Leap with your security today. Reach out to us on Twitter @LeapSecurity or email at info@www.leapsecurity.io at any time.
