This is a write-up of an internal pentest we did a couple of years ago. It involved several small vulnerabilities, but together they allowed us to exfiltrate a considerable amount of information.
Everything started with an nmap scan of the small internal subnet we were placed on. We didn’t find any promising leads, except for a single exposed SMB share, which a developer had apparently created locally to share files between computers. The scan showed something like this.
We confirmed that we could access the share with impacket’s smbclient.py.
We were unable to find any useful information in plaintext, or any sensitive data. But on taking a second look, we found an interesting file:
Read the full article at https://medium.com/@securityshenaningans/chaining-multiple-vulnerabilities-to-exfiltrate-over-250gb-of-pia-2d624f030ed1