7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
https://7ms.us/
7MS #608: New Tool Release - EvilFortiAuthenticator
Hey friends, today our pal Hackernovice joins us for a tool (actually two tools!) release party:
-
- EvilFortiAuthenticator - it's like a regular FortiAuthenticator, but evil. This tool allows you to capture the FortiAuthenticator API and subsequently steal the entire device's config, subsequently allowing you to restore the config to a second server and potentially steal cleartext Active Directory creds and SMTP accounts! We talk about
- BulletsPassView - a tool that originially allowed us to simply unmask the "hidden" API key in the FortiAuthenticator client (this did NOT work in the latest version of FAC).
- Once you get the API key, check out Fortinet's documentation to do fun things like dump the whole config to a file on disk!
- After you steal the config and restore it to a fresh FortiAuthenticator, use maintenance mode to reset the admin password.
- Once you can adjust the restored config to your liking, try using MITMsmtp to capture email server creds in the clear!
- TCMLobbyBBQ - this tool has nothing to do with security, but helps PC players of the Texas Chain Saw Massacre get into lobbies more efficiently.
- EvilFortiAuthenticator - it's like a regular FortiAuthenticator, but evil. This tool allows you to capture the FortiAuthenticator API and subsequently steal the entire device's config, subsequently allowing you to restore the config to a second server and potentially steal cleartext Active Directory creds and SMTP accounts! We talk about