7MS #380: Tales of Internal Network Pentest Pwnage - Part 8

Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute. Today's episode is a continuation of episode #379, where we: Conducted general nmap scans (and additional scans specifically looking for Eternal Blue) Sucked our nmap scans into Eyewitness Captured and cracked some creds with Paperspace Scraped the company's marketing Web site with brutescrape and popped a domain admin account (or so I thought!) Today, the adventure continues with: Checking the environment for CVE-2019-1040 Picking apart the privileges on my "pseudo domain admin" account Making a startling discovery about how almost all corp passwords were stored Enjoy!