7MS #428: Tales of Internal Network Pentest Pwnage - Part 20
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit [safepass.me](https://safepass.me/?7ms428 for more details, and tell them 7 Minute Security sent you to get a 10% discount!
Welcome to another fun tale of internal pentest pwnage! Today's tale includes these helpful informational tidbits:
-
My understanding is that in order for mitm6 relay attacks to work against DCs, those DCs have to have LDAPS config'd properly. Use
nmap -sV -p646 name.of.domain.controller
to verify this (thanks this site for the tip!) -
PowerView is awesome when used with
Find-InterestingDomainShareFile
to find interesting files with the word password or sensitive or other helpful strings. -
eavesarp helped me identify some weird hosts on weird subnets sending regular bursts of traffic to "interesting" hosts! Check out this video from Black Hills Infosec to learn more.
I've also got some personal updates for you, including:
- House updates
- Fighting with the man/woman upstairs
- My worst Webinar nightmare came true
- A socially distanced wedding singing experience