7MS #379: Tales of Internal Network Pentest Pwnage - Part 7
1 min read Podcast, Pentesting

7MS #379: Tales of Internal Network Pentest Pwnage - Part 7

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

This episode, besides talking about a man who screamed at me for not being on my cell phone, covers another tale of internal network pentest pwnage! Topics/tactics covered include:

  • Review of setting up your DIY pentest dropbox
  • Choosing the right hardware (I'm partial to this NUC)
  • Running Responder to catch creds
  • Using Eyewitness to snag screenshots of stuff discovered with nmap scanning
  • Nmap for Eternal Blue with nmap -Pn -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010
  • Running Sharphound to get a map of the AD environment
  • Cracking creds with Paperspace
  • When cracking, make sure to scrape the customer's public Web sites for more wordlist ideas!