{"version":1,"type":"rich","provider_name":"Libsyn","provider_url":"https:\/\/www.libsyn.com","height":90,"width":600,"title":"7MS #693: Pwning Ninja Hacker Academy \u2013 Part 3","description":"This week your pal and mine Joe \u201cThe Machine\u201d Skeen kept picking away at pwning&amp;nbsp;Ninja Hacker Academy.&amp;nbsp; To review where we\u2019ve been in parts 1 and 2:  We found a SQL injection on a box called&amp;nbsp;SQL,&amp;nbsp;got a privileged Sliver beacon on it, and dumped mimikatz info From that dump, we used the&amp;nbsp;SQL&amp;nbsp;box hash to do a BloodHound run, which revealed that we had excessive permissions over the&amp;nbsp;Computers&amp;nbsp;OU We useddacledit.py&amp;nbsp;to give ourselves too much permission on the&amp;nbsp;Computers&amp;nbsp;OU  Today we:  Did an RBCD attack against the&amp;nbsp;WEB&amp;nbsp;box Requested a service ticket to give us local admin superpowers on&amp;nbsp;WEB Performed a secretsdump against&amp;nbsp;WEB Struggled to do a mimikatz dump at the end of the episode (after we ended the stream I realized I could\u2019ve just done the mimikatz dump because I had local admin access!&amp;nbsp; Oh well, we\u2019ll pick things up again during part 4 next month!)  ","author_name":"7 Minute Security","author_url":"https:\/\/7MinSec.com","html":"<iframe title=\"Libsyn Player\" style=\"border: none\" src=\"\/\/html5-player.libsyn.com\/embed\/episode\/id\/38278300\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/88AA3C\/\" height=\"90\" width=\"600\" scrolling=\"no\"  allowfullscreen webkitallowfullscreen mozallowfullscreen oallowfullscreen msallowfullscreen><\/iframe>","thumbnail_url":"https:\/\/assets.libsyn.com\/secure\/item\/38278300"}