7MS #668: Tales of Pentest Pwnage – Part 69

Hola friends! Today’s tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things:

adconnectdump – for all your ADSync account dumping needs!
Adam Chester PowerShell script to dump MSOL service account
dacledit.py (part of Impacket) to give myself full write privileges on the MSOL sync account: dacledit.py -action ‘write’ -rights ‘FullControl’ -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip 1.2.3.4 domain.com/EXCHANGEBOX$ -k -no-pass
Looking to tighten up your Exchange permissions – check out this crazy detailed post

Oppdag Premium

Prøv 14 dager gratis

Show notes here: https://7ms.us/7ms-185-vulnhub-walkthrough-lord-of-the-root/

3 Mai 20167min

Show notes here: https://7ms.us/7ms-184-infosec-news-and-links-roundup/

29 Apr 201616min

Show notes here: https://7ms.us/7ms-183-offtopic-the-invitation/

28 Apr 20168min

Show notes here: https://7ms.us/7ms-182-vulnhub-walkthrough-sickos/

25 Apr 20169min

Show notes here: https://7ms.us/7ms-181-infosec-news-and-links-roundup/

23 Apr 201611min

Show notes here: https://7ms.us/7ms-180-vulnhub-walkthrough-skydog-ctf/

21 Apr 201612min

Show notes here: https://7ms.us/7ms-179-bring-new-life-to-an-old-mac-with-osx-server/

19 Apr 201610min

Show notes here: https://7ms.us/7ms-178-infosec-news-and-links-roundup/

15 Apr 201613min

Hør populære podkaster som Storefri med Mikkel og Herman, Ida med hjertet i hånden, Krimpodden og mye mye mer

I appen skaper du ditt eget bibliotek med favoritter, og vi gir deg også anbefalinger til podkaster du ikke kan gå glipp av.

Dersom du er ny Podme-bruker får du 14 dager gratis prøveperiode når du oppretter abonnement

kr 99/mnd

kr 129/mnd

Ubegrenset tilgang til alle dine favorittpodkaster