7MS #379: Tales of Internal Network Pentest Pwnage - Part 7
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
This episode, besides talking about a man who screamed at me for not being on my cell phone, covers another tale of internal network pentest pwnage! Topics/tactics covered include:
- Review of setting up your DIY pentest dropbox
- Choosing the right hardware (I'm partial to this NUC)
- Running Responder to catch creds
- Using EyeWitness to snag screenshots of stuff discovered with nmap scanning
- Nmap for EternalBlue with:
  nmap -Pn -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010 192.168.0.0/24
- Running SharpHound to get a map of the AD environment
- Cracking creds with Paperspace
- When cracking, make sure to scrape the customer's public websites for more wordlist ideas!