Wow, happy 400th episode everybody! Also, happy SIXTH birthday to the 7MS podcast!
Today I’ve got a really fun tale of internal network pentest pwnage to share with you, as well as a story about a "poop-petrator." Key moments and takeaways include:
-
Your target network might have heavy egress filtering in place. I recommend doing full
apt-get update
andapt-get upgrade
and grabbing all the tools you need (may I suggest my script for this?). -
If the CrackMapExec
--sam
flag doesn’t work for you, give secretsdump a try, as I ran it on an individual Win workstation and it worked like a champ! -
If the latest mimikatz release doesn’t rip out passwords for you, try the release from last August. For whatever reason (thanks 0xdf) for the tip!
-
If your procdumps of lsass appear to be small, endpoint protection might be getting in the way! You might be able to figure out what’s running – and stop the service(s) – with CrackMapExec and the
-x 'tasklist /v'
flag. -
If you need to bypass endpoint protection, don’t be afraid to go deep into the Google search results. Unfortunately, I think that’s all I can say about that, as vendors seem to get snippy about talking about bypasses publicly.
Has 7MS helped you in your IT and security career? Please consider buying me a coffee!
Share on socials: