7MS #400: Tales of Internal Pentest Pwnage - Part 14
Feb 14, 2020 • 65 minutes
Wow, happy 400th episode everybody! Also, happy SIXTH birthday to the 7MS podcast!
Today I've got a really fun tale of internal network pentest pwnage to share with you, as well as a story about a "poop-petrator." Key moments and takeaways include:
Your target network might have heavy egress filtering in place. I recommend doing a full apt-get update and apt-get upgrade and grabbing all the tools you need (may I suggest my script for this?).
If the CrackMapExec --sam flag doesn't work for you, give secretsdump a try, as I ran it on an individual Win workstation and it worked like a champ!
If your procdumps of lsass appear to be small, endpoint protection might be getting in the way! You might be able to figure out what's running - and stop the service(s) - with CrackMapExec and the -x 'tasklist /v' flag.
If you need to bypass endpoint protection, don't be afraid to go deep into the Google search results. Unfortunately, I think that's all I can say about that, as vendors seem to get snippy about talking about bypasses publicly.