7MS #395: Tales of Internal Pentest Pwnage - Part 12

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

In today's tale of pentest pwnage I got to try some tools and tricks for the first time! Here are the key points/takeaways from this test:

• It's great to have additional goals to achieve in a network pentest outside of just "get DA"

• PayloadsAllTheThings has a great section on Active Directory attacks

• Using mitm6 and ntlmrelayx is now my new favorite thing thanks to The Cyber Mentor's fantastic video showing us exactly how to launch this attack!

• If you're scared of running mitm6 and accidentally knocking folks off your network, setup your Kali box to reboot in a few minutes just to be safe. Do something like:

shutdown -r +15 "Rebooting in 15 minutes just in case I mitm6 myself right off this box!"

• When mitm6+ntlmrelay dumps out a series of html/json files with lists of users, groups, etc., read through them! Sometimes they can include treats...like user passwords in the comment fields!

• Use crackmapexec smb IP.OF.DOMAIN.CONTROLLER -u username -p password to verify if your domain creds are good!

There are a bunch of people I need to thank because their tools/encouragement/advice played a part in making the test successful. See today's show notes on 7ms.us for more info!