Sep 24, 2019
Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMware. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.
Today's episode is about a pentest that was pretty unique for me. I got to ride shotgun and kind of be in the shadows while helping another team pwn a network.
This was an especially interesting one because the client had a lot of great security defenses in place, including:
We did some looking for pwnage opportunities such as:
What got us a foot in the door was the lack of SMB signing.
Check this gist to see how you can use RunFinger.py to find hosts without SMB signing, then use Impacket and Responder to listen for - and pass - high-priv hashes.
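What "no SMB signing" looks like on the wire, as an added example (not from the gist or the tools named above): Python that reads the SecurityMode field of captured SMB2 NEGOTIATE responses and groups hosts by signing state, so an audit can list the ones that still need signing enforced. The addresses and captures are constructed sample data, and the function names are hypothetical.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SIGNING_ENABLED = 0x0001   # SMB2_NEGOTIATE_SIGNING_ENABLED
SIGNING_REQUIRED = 0x0002  # SMB2_NEGOTIATE_SIGNING_REQUIRED


def signing_state(data: bytes) -> str:
    """Classify one captured SMB2 NEGOTIATE response by its SecurityMode field."""
    # Drop the 4-byte direct-TCP length prefix when the capture includes it.
    if data[:1] == b"\x00" and data[4:8] == SMB2_MAGIC:
        data = data[4:]
    if len(data) < 70 or data[:4] != SMB2_MAGIC:
        return "unparsed"  # SMB1-only reply or truncated capture
    status, command = struct.unpack_from("<IH", data, 8)    # Status, Command
    body_size, mode = struct.unpack_from("<HH", data, 64)   # StructureSize, SecurityMode
    if status != 0 or command != 0 or body_size != 65:
        return "unparsed"  # error reply or not a NEGOTIATE response
    if mode & SIGNING_REQUIRED:
        return "required"
    return "enabled-not-required" if mode & SIGNING_ENABLED else "disabled"


def audit(captures: dict) -> dict:
    """Group hosts by signing state; anything other than 'required' needs follow-up."""
    report = {}
    for host, data in sorted(captures.items()):
        report.setdefault(signing_state(data), []).append(host)
    return report


def sample_response(mode: int, dialect: int = 0x0311, prefix: bool = True) -> bytes:
    """Constructed test data: a minimal SMB2 NEGOTIATE response (64-byte header + body)."""
    header = SMB2_MAGIC + struct.pack("<HHIHHIIQIIQ16s", 64, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, b"")
    msg = header + struct.pack("<HHHH", 65, mode, dialect, 0) + bytes(57)
    return struct.pack(">I", len(msg)) + msg if prefix else msg


# Constructed inventory (documentation addresses, not hosts from the episode).
CAPTURES = {
    "192.0.2.10": sample_response(SIGNING_ENABLED | SIGNING_REQUIRED),
    "192.0.2.21": sample_response(SIGNING_ENABLED),
    "192.0.2.22": sample_response(SIGNING_ENABLED, dialect=0x0210, prefix=False),
    "192.0.2.30": b"\x00\x00\x00\x23\xffSMB" + bytes(31),  # SMB1 reply, not parsed here
}

if __name__ == "__main__":
    for state, hosts in audit(CAPTURES).items():
        print(f"{state}: {', '.join(hosts)}")
```

Hosts that land in "enabled-not-required" or "disabled" accept unsigned sessions, which is the condition relayed authentication depends on; requiring signing on those servers closes it.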
Side note: I'm working on getting a practical pentesting gist together in the vein of Penetration Testing: A Hands-On Introduction to Hacking and Hacker Playbook.