7MS #382: Tales of Internal Network Pentest Pwnage - Part 9
Sep 24, 2019 • 35 minutes
Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMware. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.
Today's episode is about a pentest that was pretty unique for me. I got to ride shotgun and kind of be in the shadows while helping another team pwn a network.
This was an especially interesting one because the client had a lot of great security defenses in place, including:
We did some looking for pwnage opportunities such as:
What got us a foot in the door was the lack of SMB signing. Check this gist to see how you can use RunFinger.py to find hosts without SMB signing, then use Impacket and Responder to listen for - and pass - high-priv hashes.
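Whether a host requires SMB signing is visible in the SecurityMode field of its SMB2 NEGOTIATE response. The sketch below is an added example, not code from the episode or the linked gist: it parses already-captured responses and lists the hosts where signing still needs to be enforced. The function names, addresses and sample responses are constructed for illustration.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SIGNING_ENABLED = 0x0001   # SMB2_NEGOTIATE_SIGNING_ENABLED
SIGNING_REQUIRED = 0x0002  # SMB2_NEGOTIATE_SIGNING_REQUIRED


def signing_state(msg: bytes) -> str:
    """Classify a raw SMB2 NEGOTIATE response (4-byte transport prefix removed)."""
    if len(msg) < 64 + 6 or msg[:4] != SMB2_MAGIC:
        return "not-smb2"          # e.g. an SMB1 reply, which needs its own check
    (hdr_size,) = struct.unpack_from("<H", msg, 4)
    status, command = struct.unpack_from("<IH", msg, 8)
    if hdr_size != 64 or command != 0 or status != 0:
        return "not-negotiate-success"
    body_size, sec_mode, _dialect = struct.unpack_from("<HHH", msg, 64)
    if body_size != 65:            # fixed StructureSize of a NEGOTIATE response
        return "malformed"
    if sec_mode & SIGNING_REQUIRED:
        return "required"
    return "enabled-not-required" if sec_mode & SIGNING_ENABLED else "disabled"


def build_sample(sec_mode: int, dialect: int = 0x0311) -> bytes:
    """Constructed input: 64-byte header plus the fixed body, unused fields zeroed."""
    header = SMB2_MAGIC + struct.pack("<HHIHH", 64, 0, 0, 0, 1) + bytes(48)
    body = struct.pack("<HHHH", 65, sec_mode, dialect, 0) + bytes(56)
    return header + body


# Constructed inventory: documentation-range addresses, hand-built responses.
CAPTURED = {
    "192.0.2.10": build_sample(SIGNING_ENABLED | SIGNING_REQUIRED),
    "192.0.2.11": build_sample(SIGNING_ENABLED),
    "192.0.2.12": build_sample(0),
    "192.0.2.13": b"\xffSMB" + bytes(80),   # SMB1-style reply, not parsed here
}


def needs_signing_enforced(captured: dict) -> list:
    """Hosts whose SMB2 response shows signing is not required."""
    weak = ("enabled-not-required", "disabled")
    return sorted(h for h, m in captured.items() if signing_state(m) in weak)


if __name__ == "__main__":
    for host, msg in sorted(CAPTURED.items()):
        print(f"{host:12} {signing_state(msg)}")
    print("enforce signing on:", ", ".join(needs_signing_enforced(CAPTURED)))
```

Hosts reported as `not-smb2` are not cleared by this check; they answered with something other than SMB2 and have to be assessed separately.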
Side note: I'm working on getting a practical pentesting gist together in the vein of Penetration Testing: A Hands-On Introduction to Hacking and Hacker Playbook.