7MS #401: Tales of Internal Pentest Pwnage - Part 15
7 Minute Security21 Helmi 2020

7MS #401: Tales of Internal Pentest Pwnage - Part 15

It's episode 401 and we're having fun, right? Some things we cover today:

  • The Webinar version of the DIY Pwnagotchi evening will be offered in Webinar format on Tuesday, March 10 at 10 a.m.

  • A quick house fire update - we're closer to demolition now!

  • I finally got a new guitar!

Besides that, I've got a wonderful tale of pentest pwnage for you. Warning: this is a TBC (to be continued) episode in that I don't even know how it will shake out. I'm honestly not sure if we'll get DA! Here are the highlights:

  • I think in the past I might've said unauthenticated Nessus scans weren't worth much, but this test changed my mind.

  • If you can't dump local hashes with CrackMapExec, try SecretsDump!

./secretsdump.py -target-ip {IP of target machine} localhost/{username}@{target IP}
  • If you're relaying net user commands (or just typing them from a relayed shell), this one-liner is a good way to quickly add your user to local admins and the Remote Desktop Users group:
net user /add ladmin1 s00p3rn4ughtyguy! /Y & net localgroup Administrators ladmin1 /add & net localgroup "Remote Desktop Users" ladmin1 /add

  • Trying to RDP into a box protected with Duo MFA? If you can edit the c:\windows\system32\drivers\etc\hosts file, you might be able change the Duo authentication server from api-xxxxxxx.duosecurity.com to 127.0.0.1 and force authenetication to fail open! Source: Pentest Partners

  • In general, keep an eye on CrackMapExec's output whenever you use the '-x' flag to run commands. If the system is "hanging" on a command for a while and then gives you NO output and just drops you back at your Kali prompt, the command might not be running at all due to something else on the system blocking your efforts.

More on today's show notes at 7ms.us!

Jaksot(720)

7MS #720: Tales of Pentest Pwnage – Part 84

7MS #720: Tales of Pentest Pwnage – Part 84

Hey friends! Today's another Tales of Pentest Pwnage! Quick tangent first on a couple side projects: I've got a music thing at quack.house (like the duck noise, not the drug) and a podcast with my dan...

1 Touko 43min

7MS #719: Baby's First OpenClaw

7MS #719: Baby's First OpenClaw

Hey friends! This week's episode is "Baby's First OpenClaw" – basically me shouting into the void hoping a smart listener will DM me and explain why this thing is supposed to be life-changing. Because...

24 Huhti 28min

7MS #718: Fun Professional and Personal AI Project Ideas

7MS #718: Fun Professional and Personal AI Project Ideas

Hey friends! After last week's heavy episode about my wife's health scare in Punta Cana, today's is a lighter one. (Quick update: she's doing better – still recovering, but appetite's back and she's g...

17 Huhti 28min

7MS #717: I Gave Up My Wife's PHI (And I'd Do It Again)

7MS #717: I Gave Up My Wife's PHI (And I'd Do It Again)

Hello friends! Today's episode is a bit of a detour from our usual content — it's part vacation horror story, part security/privacy confession. My wife got seriously ill during our spring break trip t...

10 Huhti 48min

7MS #716: Tales of Pentest Pwnage – Part 83

7MS #716: Tales of Pentest Pwnage – Part 83

Today is my favorite pentest pwnage tale of 2026 – and maybe ever!  It centers around an ADCS abuse via an attack path I'd never seen before.  Tips include: Use Netexec to pull Powershell history Try...

3 Huhti 33min

7MS #715: Tales of Pentest Pwnage – Part 82

7MS #715: Tales of Pentest Pwnage – Part 82

Hola friends!  Today's another fun tale of pentest pwnage.  This time we started with no credentials and then set off on the bumpy journey from no-cred zero to domain admin hero!  One specific referen...

27 Maalis 20min

7MS #714: Tales of Pentest Pwnage – Part 81

7MS #714: Tales of Pentest Pwnage – Part 81

Hello friends!  We're back with a fun tale of internal network pentest pwnage.  This one highlights how AI can be used (with some guardrails!) to automate the boring stuff – and even help you pick par...

20 Maalis 22min

7MS #713: How to Secure Your Community – Part 3

7MS #713: How to Secure Your Community – Part 3

Hello friends, in today's edition of How to Secure Your Community, I give a brief recap of part 1 and part 2, and then dive into some cool phone shortcuts you can setup so that with a single tap, you ...

13 Maalis 31min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
politiikan-puskaradio
rss-ootsa-kuullut-tasta
ootsa-kuullut-tasta-2
rss-podme-livebox
tervo-halme
rss-pinnalla
aihe
et-sa-noin-voi-sanoo-esittaa
rss-vaalirankkurit-podcast
the-ulkopolitist
rss-kaikki-uusiksi
rss-ulkopoditiikkaa
otetaan-yhdet
viisupodi
rss-uusi-juttu-mediastartupin-tarina
rss-asiastudio
rss-girls-finish-f1rst
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset