Discover7 Minute Security7MS #650: Tales of Pentest Pwnage - Part 65
7MS #650: Tales of Pentest Pwnage - Part 65

7MS #650: Tales of Pentest Pwnage - Part 65

Update: 2024-11-15
Share

Description

Oooooo, giggidy! Today is (once again) my favorite tale of pentest pwnage. I learned about a feature of PowerUpSQL that helped me find a “hidden” SQL account, and that account ended up being the key to the entire pentest!  I wonder how many hidden SQL accounts I’ve missed on past pentests….SIGH! Check out the awesome BloodHound gang thread about this here.

Also, can’t get Rubeus monitor mode to capture TGTs to the registry?  Try output to file instead:

rubeus monitor /interval:5 /nowrap /runfor:60 /consoleoutfile:c:\users\public\some-innocent-looking-file.log

In the tangent department, I talk about a personal music project I’m resurrecting to help my community.

Comments 
loading
00:00
00:00
1.0x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

7MS #650: Tales of Pentest Pwnage - Part 65

7MS #650: Tales of Pentest Pwnage - Part 65