Wow, happy 400th episode everybody! Also, happy SIXTH birthday to the 7MS podcast!
Today I've got a really fun tale of internal network pentest pwnage to share with you, as well as a story about a "poop-petrator." Key moments and takeaways include:
Your target network might have heavy egress filtering in place. I recommend doing a full apt-get upgrade and grabbing all the tools you need (may I suggest my script for this?).
If the CrackMapExec --sam flag doesn't work for you, give secretsdump a try, as I ran it on an individual Win workstation and it worked like a champ!
If your procdumps of lsass appear to be small, endpoint protection might be getting in the way! You might be able to figure out what's running - and stop the service(s) - with CrackMapExec and the -x 'tasklist /v' flag.
If you need to bypass endpoint protection, don't be afraid to go deep into the Google search results. Unfortunately, I think that's all I can say about that, as vendors seem to get snippy about talking about bypasses publicly.