7MS #693: Pwning Ninja Hacker Academy – Part 3
Content provided by Brian Johnson.
This week your pal and mine Joe “The Machine” Skeen kept picking away at pwning Ninja Hacker Academy. To review where we’ve been in parts 1 and 2:
- We found a SQL injection on a box called SQL, got a privileged Sliver beacon on it, and dumped mimikatz info
- From that dump, we used the SQL box hash to do a BloodHound run, which revealed that we had excessive permissions over the Computers OU
- We used dacledit.py to give ourselves too much permission on the Computers OU
Today we:
- Did an RBCD attack against the WEB box
- Requested a service ticket to give us local admin superpowers on WEB
- Performed a secretsdump against WEB
- Struggled to do a mimikatz dump at the end of the episode (after we ended the stream I realized I could’ve just done the mimikatz dump because I had local admin access! Oh well, we’ll pick things up again during part 4 next month!)