7MS #379: Tales of Internal Network Pentest Pwnage - Part 7

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

This episode, besides talking about a man who screamed at me for not being on my cell phone, covers another tale of internal network pentest pwnage! Topics/tactics covered include:

• Review of setting up your DIY pentest dropbox
• Choosing the right hardware (I'm partial to this NUC)
• Running Responder to catch creds
• Using Eyewitness to snag screenshots of stuff discovered with nmap scanning
• Nmap for Eternal Blue with nmap -Pn -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010 192.168.0.0/24
• Running Sharphound to get a map of the AD environment
• Cracking creds with Paperspace
• When cracking, make sure to scrape the customer's public Web sites for more wordlist ideas!