7MS #380: Tales of Internal Network Pentest Pwnage - Part 8

Sep 5, 201929 minutes


Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.

Today's episode is a continuation of episode #379, where we:

  • Conducted general nmap scans (and additional scans specifically looking for Eternal Blue)
  • Sucked our nmap scans into Eyewitness
  • Captured and cracked some creds with Paperspace
  • Scraped the company's marketing Web site with brutescrape and popped a domain admin account (or so I thought!)

Today, the adventure continues with:

  • Checking the environment for CVE-2019-1040
  • Picking apart the privileges on my "pseudo domain admin" account
  • Making a startling discovery about how almost all corp passwords were stored

Enjoy!

7MS #377: DIY Pentest Dropbox Tips

Aug 16, 201929 minutes


7MS #376: Tales of SQL Injection Pwnage

Aug 12, 201939 minutes


7MS #375: Tales of Pentest Fail #3

Aug 2, 201941 minutes




Listen Now

Automatically download new episodes