HackTheBox - Aero

Name: HackTheBox - Aero
Uploaded: 2023-09-28T17:00:09Z
Channel: IppSec
Description: 00:00 - Introduction 00:56 - Start of nmap 04:20 - Looking for Windows Exploits around Themes and discovering ThemeBleed (CVE-2023-38146) 06:30 - Creati...

IppSec · Beginner ·📄 Research Papers Explained ·2y ago

00:00 - Introduction 00:56 - Start of nmap 04:20 - Looking for Windows Exploits around Themes and discovering ThemeBleed (CVE-2023-38146) 06:30 - Creating a DLL that exports VerifyThemeVersion and then compiling from Linux 10:50 - Showing the exports of the DLL to confirm it is there, then hiding the ReverseShell export 12:30 - Testing our DLL from our windows computer 13:30 - Creating the malicious Windows Theme 17:20 - Setting up a SOCAT forward to send port 445 from our linux box to our Windows Box 19:20 - Updating the IP Address in our DLL and then getting a shell 22:10 - Downloading the P…

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduction

0:56 Start of nmap

4:20 Looking for Windows Exploits around Themes and discovering ThemeBleed (CVE-202

6:30 Creating a DLL that exports VerifyThemeVersion and then compiling from Linux

10:50 Showing the exports of the DLL to confirm it is there, then hiding the Reverse

12:30 Testing our DLL from our windows computer

13:30 Creating the malicious Windows Theme

17:20 Setting up a SOCAT forward to send port 445 from our linux box to our Windows

19:20 Updating the IP Address in our DLL and then getting a shell

22:10 Downloading the PDF by converting it to base64 and then copy and pasting it to

23:45 Researching CVE-2023-28252, which is a Windows Local Privesc in the Common Log

26:30 Opening the CLFS Exploit up in Visual Studio and placing a Powershell Web Crad

32:30 Beyond root: Changing up the DLL we used for the foothold to just execute code

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →