Feb 14, 2020
Wow, happy 400th episode everybody! Also, happy SIXTH birthday to the 7MS podcast!
Today I've got a really fun tale of internal network pentest pwnage to share with you, as well as a story about a "poop-petrator." Key moments and takeaways include:
- Your target network might have heavy egress filtering in place. I recommend doing a full apt-get update and apt-get upgrade and grabbing all the tools you need beforehand (may I suggest my script for this?).
- If the CrackMapExec --sam flag doesn't work for you, give secretsdump a try, as I ran it on an individual Win workstation and it worked like a champ!
- If the latest mimikatz release doesn't rip out passwords for you, try the release from last August. For whatever reason it works where the newer one doesn't (thanks 0xdf for the tip!).
- If your procdumps of lsass appear to be small, endpoint protection might be getting in the way! You might be able to figure out what's running - and stop the service(s) - with CrackMapExec and the -x 'tasklist /v' flag.
- If you need to bypass endpoint protection, don't be afraid to go deep into the Google search results. Unfortunately, I think that's all I can say about that, as vendors seem to get snippy about talking about bypasses publicly.
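The small-dump symptom in the lsass item above usually means endpoint protection is watching handle opens on LSASS. As an added defender-side example (not from the episode), this Python snippet flags Sysmon Event ID 10 ProcessAccess records where a non-allowlisted image opens lsass.exe with memory-read rights. The allowlist, the flat Key=Value rendering of the events and the sample events themselves are all constructed assumptions.

```python
import re

# Assumed allowlist of images that legitimately open lsass.exe (tune per environment).
ALLOWED_SOURCES = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}

# Rights that let a process read another's memory: PROCESS_VM_READ (0x0010)
# or PROCESS_ALL_ACCESS (0x1fffff). A minidump needs VM_READ; query-only
# masks such as 0x1400 do not grant it.
PROCESS_VM_READ = 0x0010
PROCESS_ALL_ACCESS = 0x1FFFFF

def parse_event(line):
    """Parse one constructed 'Key=Value ...' rendering of a Sysmon ID 10 event."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    return {
        "source": fields["SourceImage"].lower(),
        "target": fields["TargetImage"].lower(),
        "access": int(fields["GrantedAccess"], 16),
    }

def is_suspicious(ev):
    """True when a non-allowlisted image opens lsass.exe with memory-read rights."""
    if not ev["target"].endswith(r"\lsass.exe"):
        return False
    if ev["source"] in ALLOWED_SOURCES:
        return False
    return bool(ev["access"] & PROCESS_VM_READ) or ev["access"] == PROCESS_ALL_ACCESS

# Constructed sample events, not real telemetry (real Sysmon output is XML/EVTX).
SAMPLE_EVENTS = [
    "EventID=10 SourceImage=C:\\Windows\\System32\\svchost.exe TargetImage=C:\\Windows\\System32\\lsass.exe GrantedAccess=0x1000",
    "EventID=10 SourceImage=C:\\Users\\bob\\procdump64.exe TargetImage=C:\\Windows\\System32\\lsass.exe GrantedAccess=0x1fffff",
    "EventID=10 SourceImage=C:\\Windows\\System32\\taskmgr.exe TargetImage=C:\\Windows\\System32\\lsass.exe GrantedAccess=0x1400",
    "EventID=10 SourceImage=C:\\Users\\bob\\procdump64.exe TargetImage=C:\\Windows\\System32\\notepad.exe GrantedAccess=0x1fffff",
]

def find_suspicious(lines):
    """Return the source images of events that match the detection."""
    return [ev["source"] for ev in map(parse_event, lines) if is_suspicious(ev)]

if __name__ == "__main__":
    for src in find_suspicious(SAMPLE_EVENTS):
        print("LSASS memory access from non-allowlisted image:", src)
```

Only the procdump-to-lsass event fires; the query-only 0x1400 open and the allowlisted svchost open are ignored, which is the tuning that keeps this rule from drowning in noise.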
Has 7MS helped you in your IT and security career? Please consider buying me a coffee!