7MS #380: Tales of Internal Network Pentest Pwnage - Part 8
1 min read Podcast, Pentesting

7MS #380: Tales of Internal Network Pentest Pwnage - Part 8

Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.

Today's episode is a continuation of episode #379, where we:

  • Conducted general nmap scans (and additional scans specifically looking for Eternal Blue)
  • Sucked our nmap scans into Eyewitness
  • Captured and cracked some creds with Paperspace
  • Scraped the company's marketing Web site with brutescrape and popped a domain admin account (or so I thought!)

Today, the adventure continues with:

  • Checking the environment for CVE-2019-1040
  • Picking apart the privileges on my "pseudo domain admin" account
  • Making a startling discovery about how almost all corp passwords were stored

Enjoy!