Discover7 Minute Security7MS #693: Pwning Ninja Hacker Academy – Part 3
7MS #693: Pwning Ninja Hacker Academy – Part 3

7MS #693: Pwning Ninja Hacker Academy – Part 3

Update: 2025-09-19
Share

Description

This week your pal and mine Joe “The Machine” Skeen kept picking away at pwning Ninja Hacker Academy.  To review where we’ve been in parts 1 and 2:

  • We found a SQL injection on a box called SQL, got a privileged Sliver beacon on it, and dumped mimikatz info
  • From that dump, we used the SQL box hash to do a BloodHound run, which revealed that we had excessive permissions over the Computers OU
  • We useddacledit.py to give ourselves too much permission on the Computers OU

Today we:

  • Did an RBCD attack against the WEB box
  • Requested a service ticket to give us local admin superpowers on WEB
  • Performed a secretsdump against WEB
  • Struggled to do a mimikatz dump at the end of the episode (after we ended the stream I realized I could’ve just done the mimikatz dump because I had local admin access!  Oh well, we’ll pick things up again during part 4 next month!)
Comments 
loading
In Channel
7MS #694: Tales of Pentest Pwnage – Part 77

7MS #694: Tales of Pentest Pwnage – Part 77

2025-09-2633:11

7MS #693: Pwning Ninja Hacker Academy – Part 3

7MS #693: Pwning Ninja Hacker Academy – Part 3

2025-09-1928:44

7MS #692: Tales of Pentest Pwnage – Part 76

7MS #692: Tales of Pentest Pwnage – Part 76

2025-09-1232:45

7MS #691: Tales of Pentest Pwnage – Part 75

7MS #691: Tales of Pentest Pwnage – Part 75

2025-09-0531:39

7MS #690: Tales of Pentest Pwnage – Part 74

7MS #690: Tales of Pentest Pwnage – Part 74

2025-08-2921:13

7MS #689: Pwning Ninja Hacker Academy – Part 2

7MS #689: Pwning Ninja Hacker Academy – Part 2

2025-08-2215:40

7MS #688: Building a Pentest Training Course Is Fun and Frustrating

7MS #688: Building a Pentest Training Course Is Fun and Frustrating

2025-08-1622:13

7MS #687: A Peek into the 7MS Mail Bag – Part 5

7MS #687: A Peek into the 7MS Mail Bag – Part 5

2025-08-1157:26

7MS #686: Our New Pentest Training Course is Almost Ready

7MS #686: Our New Pentest Training Course is Almost Ready

2025-08-0123:30

7MS #685: The Time My Neighbor Almost Got Scammed Out of $13K

7MS #685: The Time My Neighbor Almost Got Scammed Out of $13K

2025-07-2522:56

7MS #684: Pwning Ninja Hacker Academy

7MS #684: Pwning Ninja Hacker Academy

2025-07-1822:50

7MS #683: What I'm Working on This Week - Part 4

7MS #683: What I'm Working on This Week - Part 4

2025-07-1230:50

7MS #682: Securing Your Family During and After a Disaster – Part 7

7MS #682: Securing Your Family During and After a Disaster – Part 7

2025-07-0430:59

7MS #681: Pentesting GOAD – Part 3

7MS #681: Pentesting GOAD – Part 3

2025-06-2718:18

7MS #680: Tips for a Better Purple Team Experience

7MS #680: Tips for a Better Purple Team Experience

2025-06-2026:48

7MS #679: Tales of Pentest Pwnage – Part 73

7MS #679: Tales of Pentest Pwnage – Part 73

2025-06-1330:12

7MS #678: How to Succeed in Business Without Really Crying – Part 22

7MS #678: How to Succeed in Business Without Really Crying – Part 22

2025-06-0633:39

7MS #677: That One Time I Was a Victim of a Supply Chain Attack

7MS #677: That One Time I Was a Victim of a Supply Chain Attack

2025-05-3013:48

7MS #676: Tales of Pentest Pwnage – Part 72

7MS #676: Tales of Pentest Pwnage – Part 72

2025-05-2759:34

7MS #675: Pentesting GOAD – Part 2

7MS #675: Pentesting GOAD – Part 2

2025-05-1631:41

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
1.0x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

7MS #693: Pwning Ninja Hacker Academy – Part 3

7MS #693: Pwning Ninja Hacker Academy – Part 3