7MS #380: Tales of Internal Network Pentest Pwnage - Part 8
Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.
Today's episode is a continuation of episode #379, where we:
- Conducted general nmap scans (and additional scans specifically looking for Eternal Blue)
- Sucked our nmap scans into Eyewitness
- Captured and cracked some creds with Paperspace
- Scraped the company's marketing Web site with brutescrape and popped a domain admin account (or so I thought!)
Today, the adventure continues with:
- Checking the environment for CVE-2019-1040
- Picking apart the privileges on my "pseudo domain admin" account
- Making a startling discovery about how almost all corp passwords were stored
Enjoy!