7MS #364: Tales of External Pentest Pwnage


Manage episode 234315923 series 1288763
By Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio streamed directly from their servers.

This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8.

This episode features cool things I'm learning about external pentesting. But first, some updates:

  • My talk at Secure360 went really well. Only slightly #awkward thing is I felt an overwhelming need to change my title slide to talk about the fact that I don't drink.

  • The 7MS User Group went well. We'll resume in the late summer or early fall and do a session on lockpicking!

  • Wednesday night my band had the honor of singing at a Minnesota LEMA service and wow, what an honor. To see the sea of officers and their supportive families and loved ones was incredibly powerful.

On the external pentest front, here are some items we cover in today's show:

  • MailSniper's Invoke-DomainHarvestOWA helps you discover the FQDN of your mail server target. Invoke-UsernameHarvestOWA helps you figure out what username scheme your target is using. Invoke-PasswordSprayOWA helps you do a low and slow password spray to hopefully find some creds!

  • Once inside the network, CrackMapExec is your friend. You can figure out where your compromised creds are valid across the network with this syntax:

crackmapexec smb -u USER -p ‘PASSWORD’ -d YOURDOMAIN

You can also find what shares you have access to with:

crackmapexec smb -u USER -p ‘PASSWORD’ -d YOURDOMAIN --shares

Sift through those shares! They often have VERY delicious bits of information in them :-)

373 episodes available. A new episode about every 6 days averaging 33 mins duration .