HackTheBox - Active

Name: HackTheBox - Active
Uploaded: 2018-12-08T15:03:28Z
Channel: IppSec
Description: 01:10 - Begin of recon 03:00 - Poking at DNS - Nothing really important. 04:00 - Examining what NMAP Scripts are ran. 06:35 - Lets just try out smbcli...

IppSec · Intermediate ·🛡️ AI Safety & Ethics ·7y ago

01:10 - Begin of recon 03:00 - Poking at DNS - Nothing really important. 04:00 - Examining what NMAP Scripts are ran. 06:35 - Lets just try out smbclient to list shares available 07:25 - Using SMBMap to show the same thing, a great recon tool! 08:30 - Pillaging the Replication Share with SMBMap 09:20 - Discovering Groups.xml and then decrypting passwords from it 13:10 - Dumping Active Directory users from linux with Impacket GetADUsers 16:28 - Using SMBMap with our user credentials to look for more shares 18:25 - Switching to Windows to run BloodHound against the domain 26:00 - Analyzing Bl…

Watch on YouTube ↗ (saves to browser)

Chapters (14)

1:10 Begin of recon

3:00 Poking at DNS - Nothing really important.

4:00 Examining what NMAP Scripts are ran.

6:35 Lets just try out smbclient to list shares available

7:25 Using SMBMap to show the same thing, a great recon tool!

8:30 Pillaging the Replication Share with SMBMap

9:20 Discovering Groups.xml and then decrypting passwords from it

13:10 Dumping Active Directory users from linux with Impacket GetADUsers

16:28 Using SMBMap with our user credentials to look for more shares

18:25 Switching to Windows to run BloodHound against the domain

26:00 Analyzing BloodHound Output to discover Kerberostable user

27:25 Performing Kerberoast attack from linux with Impacket GetUsersSPNs

29:00 Cracking tgs 23 with Hashcat

30:00 Getting root on the box via PSEXEC

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →