1 rich Libsyn https://www.libsyn.com 90 600 This week your pal and mine Joe “The Machine” Skeen kept picking away at pwning&amp;nbsp;Ninja Hacker Academy.&amp;nbsp; To review where we’ve been in parts 1 and 2: We found a SQL injection on a box called&amp;nbsp;SQL,&amp;nbsp;got a privileged Sliver beacon on it, and dumped mimikatz info From that dump, we used the&amp;nbsp;SQL&amp;nbsp;box hash to do a BloodHound run, which revealed that we had excessive permissions over the&amp;nbsp;Computers&amp;nbsp;OU We useddacledit.py&amp;nbsp;to give ourselves too much permission on the&amp;nbsp;Computers&amp;nbsp;OU Today we: Did an RBCD attack against the&amp;nbsp;WEB&amp;nbsp;box Requested a service ticket to give us local admin superpowers on&amp;nbsp;WEB Performed a secretsdump against&amp;nbsp;WEB Struggled to do a mimikatz dump at the end of the episode (after we ended the stream I realized I could’ve just done the mimikatz dump because I had local admin access!&amp;nbsp; Oh well, we’ll pick things up again during part 4 next month!) 7 Minute Security https://7MinSec.com <iframe title="Libsyn Player" style="border: none" src="//html5-player.libsyn.com/embed/episode/id/38278300/height/90/theme/custom/thumbnail/yes/direction/forward/render-playlist/no/custom-color/88AA3C/" height="90" width="600" scrolling="no" allowfullscreen webkitallowfullscreen mozallowfullscreen oallowfullscreen msallowfullscreen></iframe> https://assets.libsyn.com/secure/item/38278300