7MS #380: Tales of Internal Network Pentest Pwnage - Part 8

Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.

Today's episode is a continuation of episode #379, where we:

• Conducted general nmap scans (and additional scans specifically looking for Eternal Blue)
• Sucked our nmap scans into Eyewitness
• Captured and cracked some creds with Paperspace
• Scraped the company's marketing Web site with brutescrape and popped a domain admin account (or so I thought!)

Today, the adventure continues with:

• Checking the environment for CVE-2019-1040
• Picking apart the privileges on my "pseudo domain admin" account
• Making a startling discovery about how almost all corp passwords were stored

Enjoy!