Escalating Access

Strategy

ENUMERATE EVERYTHING AND SCREENSHOT ALL FINDINGS

Password Spray using TREVORSpray or any similar tool
After gaining a foothold search the emails for anything related to VPNs and Passwords
- SharePoint is a great place to search of passwords in spreadsheets
- Take screenshots of any sensitive information or files you have access to as evidence
Log into portal.azure.com and dump out all of the user accounts on the Domain
- The more accounts you have, the better possibility of a successful password spray
- Add a new user if the breached account has permissions to do so
Password Spray against all of the new accounts
Figure out how they log into their VPN and connect to the network

Escalating access may turn into a cycle of breaching an account, enumerating it, try to get into the internal network through the account, breaching more accounts through the original ... and so on

PreviousBypassing MFA NextCommon Pentest Findings

Last updated 11 months ago

Was this helpful?

Escalating Access

Strategy

ENUMERATE EVERYTHING AND SCREENSHOT ALL FINDINGS

Password Spray using TREVORSpray or any similar tool
After gaining a foothold search the emails for anything related to VPNs and Passwords
- SharePoint is a great place to search of passwords in spreadsheets
- Take screenshots of any sensitive information or files you have access to as evidence
Log into portal.azure.com and dump out all of the user accounts on the Domain
- The more accounts you have, the better possibility of a successful password spray
- Add a new user if the breached account has permissions to do so
Password Spray against all of the new accounts
Figure out how they log into their VPN and connect to the network

Escalating access may turn into a cycle of breaching an account, enumerating it, try to get into the internal network through the account, breaching more accounts through the original ... and so on

PreviousBypassing MFA NextCommon Pentest Findings

Last updated 11 months ago

Was this helpful?