7MS #395: Tales of Internal Pentest Pwnage - Part 12
Jan 9, 2020 • 66 minutes
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.
In today's tale of pentest pwnage I got to try some tools and tricks for the first time! Here are the key points/takeaways from this test:
It's great to have additional goals to achieve in a network pentest outside of just "get DA"
If you're scared of running mitm6 and accidentally knocking folks off your network, setup your Kali box to reboot in a few minutes just to be safe. Do something like:
shutdown -r +15 "Rebooting in 15 minutes just in case I mitm6 myself right off this box!"
When mitm6+ntlmrelay dumps out a series of html/json files with lists of users, groups, etc., read through them! Sometimes they can include treats...like user passwords in the comment fields!
crackmapexec smb IP.OF.DOMAIN.CONTROLLER -u username -p password to verify if your domain creds are good!
There are a bunch of people I need to thank because their tools/encouragement/advice played a part in making the test successful. See today's show notes on 7ms.us for more info!
Choose from the options below to listen and subscribe to 7 Minute Security in your podcast app of choice. By subscribing you will receive new episodes automatically.
Search for 7 Minute Security or copy the URL below and enter it in your podcast application.