7MS #693: Pwning Ninja Hacker Academy – Part 3
7 Minute Security19 Syys

7MS #693: Pwning Ninja Hacker Academy – Part 3

This week your pal and mine Joe “The Machine” Skeen kept picking away at pwning Ninja Hacker Academy. To review where we’ve been in parts 1 and 2:

  • We found a SQL injection on a box called SQL, got a privileged Sliver beacon on it, and dumped mimikatz info
  • From that dump, we used the SQL box hash to do a BloodHound run, which revealed that we had excessive permissions over the Computers OU
  • We useddacledit.py to give ourselves too much permission on the Computers OU

Today we:

  • Did an RBCD attack against the WEB box
  • Requested a service ticket to give us local admin superpowers on WEB
  • Performed a secretsdump against WEB
  • Struggled to do a mimikatz dump at the end of the episode (after we ended the stream I realized I could’ve just done the mimikatz dump because I had local admin access! Oh well, we’ll pick things up again during part 4 next month!)

Suosittua kategoriassa Politiikka ja uutiset

rss-ootsa-kuullut-tasta
aikalisa
ootsa-kuullut-tasta-2
rss-podme-livebox
politiikan-puskaradio
rss-vaalirankkurit-podcast
otetaan-yhdet
the-ulkopolitist
et-sa-noin-voi-sanoo-esittaa
rss-kaikki-uusiksi
rss-hyvaa-huomenta-bryssel
rss-raha-talous-ja-politiikka
rikosmyytit
rss-mina-ukkola
rss-pallo-keskelle-2
radio-antro
rss-kuka-mina-olen
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
linda-maria
rss-terveisia-seelannista