On a recent penetration test I made heavy use of Sec-1 Ltd’s tool Sharecheck in a way to gain Domain Administrator privileges that had previously been missed. Effectively there was a lot of groundwork in horizontal propagation which I automated through Meterpreter and Sharecheck. I’ve mentioned Sharecheck before on my Internal Penetration Testing post, but I don’t believe I’ve ever run through the features of this tool, which I make use of on almost every test. Effectively this tool allows you to do four main things:
A common and critical vulnerability exploited during penetration tests is that of reused Local Administrator passwords. The issue is a common one: it allows an attacker to find a vulnerable machine on a network, pull the administrative hash out of that machine and then log in to a more interesting machine or ultimately escalate privileges.
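Seen from the defending side, reuse of a local administrator credential shows up as one source making network logons with the same local account on several machines. The sketch below is an added example, not part of the original post or of Sharecheck: it uses the field names of Windows Security event 4624, and the sample events, host names, addresses and the `min_hosts` threshold are constructed assumptions.

```python
from collections import defaultdict

def ev(computer, logon_type, user, domain, src):
    """Build one reduced Security 4624 (successful logon) record."""
    return {"EventID": 4624, "Computer": computer, "LogonType": logon_type,
            "TargetUserName": user, "TargetDomainName": domain, "IpAddress": src}

# Constructed sample data: hosts, accounts and addresses are made up.
EVENTS = [
    ev("WS01.corp.example", 3, "Administrator", "WS01", "10.0.5.23"),
    ev("WS02.corp.example", 3, "Administrator", "WS02", "10.0.5.23"),
    ev("SRV-FILE01.corp.example", 3, "administrator", "SRV-FILE01", "10.0.5.23"),
    ev("WS03.corp.example", 3, "jsmith", "CORP", "10.0.5.23"),         # domain account
    ev("WS02.corp.example", 3, "Administrator", "WS02", "10.0.5.40"),  # single host only
    ev("WS04.corp.example", 2, "Administrator", "WS04", "-"),          # console logon
]

def short_name(computer):
    """Host part of the Computer field, normalised for comparison."""
    return computer.split(".")[0].upper()

def is_local_network_logon(e):
    """Type 3 (network) logon by an account local to the logging machine:
    for local accounts TargetDomainName is the machine's own name."""
    return (e["EventID"] == 4624 and e["LogonType"] == 3
            and e["TargetDomainName"].upper() == short_name(e["Computer"]))

def local_account_fanout(events, min_hosts=3):
    """Return {(source IP, account): [hosts]} where one source logged on with
    the same local account name to at least min_hosts machines.
    min_hosts is an assumed threshold; tune it to the environment."""
    seen = defaultdict(set)
    for e in events:
        if is_local_network_logon(e):
            seen[(e["IpAddress"], e["TargetUserName"].lower())].add(short_name(e["Computer"]))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_hosts}

if __name__ == "__main__":
    for (src, user), hosts in local_account_fanout(EVENTS).items():
        print(f"{src}: local account '{user}' used on {', '.join(hosts)}")
```

Giving each machine a unique local administrator password removes the condition this check looks for; the check itself only shows where the same local account is already being used across hosts.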