HackTheBox - Active

IppSec · Intermediate ·🛡️ AI Safety & Ethics ·7y ago

Skills: Tool Use & Function Calling90%Agent Foundations80%AI Security70%Defensive AI60%

01:10 - Begin of recon 03:00 - Poking at DNS - Nothing really important. 04:00 - Examining what NMAP Scripts are ran. 06:35 - Lets just try out smbclient to list shares available 07:25 - Using SMBMap to show the same thing, a great recon tool! 08:30 - Pillaging the Replication Share with SMBMap 09:20 - Discovering Groups.xml and then decrypting passwords from it 13:10 - Dumping Active Directory users from linux with Impacket GetADUsers 16:28 - Using SMBMap with our user credentials to look for more shares 18:25 - Switching to Windows to run BloodHound against the domain 26:00 - Analyzing BloodHound Output to discover Kerberostable user 27:25 - Performing Kerberoast attack from linux with Impacket GetUsersSPNs 29:00 - Cracking tgs 23 with Hashcat 30:00 - Getting root on the box via PSEXEC

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Tool Use & Function Calling

View skill →

Adding a Phone Gateway to a Virtual Agent

Administering an AlloyDB Database

Cloud Storage: Qwik Start - CLI/SDK

Cloud Composer: Copying BigQuery Tables Across Different Locations

Getting started with Firebase Cloud Firestore

Getting Started with Liquid to Customize the Looker User Experience

Related AI Lessons

When AI Gets It Wrong: The Hidden Security Risk of Hallucinations in Cybersecurity

Learn about the hidden security risk of AI hallucinations in cybersecurity and how to mitigate it

AI Can't Stop AI? Wrong Problem. Wrong Layer.

AI security issues require a layered approach, not a single solution

Dev.to · Cor E

The Hidden Cost of Every Query You Send

Learn how AI queries impact your electricity bill and the environment, and what you can do to reduce the hidden cost

Dev.to · Talal Ahmad

When AI Becomes Someone

Learn how AI intimacy can impact safety and why it matters for future AI development

Chapters (14)

1:10 Begin of recon

3:00 Poking at DNS - Nothing really important.

4:00 Examining what NMAP Scripts are ran.

6:35 Lets just try out smbclient to list shares available

7:25 Using SMBMap to show the same thing, a great recon tool!

8:30 Pillaging the Replication Share with SMBMap

9:20 Discovering Groups.xml and then decrypting passwords from it

13:10 Dumping Active Directory users from linux with Impacket GetADUsers

16:28 Using SMBMap with our user credentials to look for more shares

18:25 Switching to Windows to run BloodHound against the domain

26:00 Analyzing BloodHound Output to discover Kerberostable user

27:25 Performing Kerberoast attack from linux with Impacket GetUsersSPNs

29:00 Cracking tgs 23 with Hashcat

30:00 Getting root on the box via PSEXEC

AI Management Essentials: Integrating ISO 42001 & ISO 23894