HackTheBox - Anubis

Name: HackTheBox - Anubis
Uploaded: 2022-01-29T15:00:43Z
Channel: IppSec
Description: 00:00 - Intro 01:00 - Start of nmap, getting hostname and 05:20 - Discovering the Server Header changes for virtualhost, probably navigating to a diffe...

IppSec · Beginner ·🔐 Cybersecurity ·4y ago

00:00 - Intro 01:00 - Start of nmap, getting hostname and 05:20 - Discovering the Server Header changes for virtualhost, probably navigating to a different box/container/etc [MasterRecon] 10:50 - Getting a good SSTI Fuzz String then identifying this string causes an error on the webserver. Removing parts of the string until we see the type of SSTI 13:40 - Playing with ASP Code in this SSTI or ASP Code Injection... Not sure what the vulnerability is 15:30 - Getting a VBScript One Liner to execute code and then getting a reverse shell 24:30 - Discovering a x509 certificate, decoding it with ope…

Watch on YouTube ↗ (saves to browser)

Chapters (19)

Intro

1:00 Start of nmap, getting hostname and

5:20 Discovering the Server Header changes for virtualhost, probably navigating to

10:50 Getting a good SSTI Fuzz String then identifying this string causes an error o

13:40 Playing with ASP Code in this SSTI or ASP Code Injection... Not sure what the

15:30 Getting a VBScript One Liner to execute code and then getting a reverse shell

24:30 Discovering a x509 certificate, decoding it with openssl, and discovering a se

29:00 Downloading and running chisel to setup a reverse socks proxy so we can attemp

31:54 Running nmap through the chisel socks proxy with proxychains

34:20 Setting FoxyProxy to only send specific domains through our proxy

36:30 Discovering the softwareportal.windcorp.htb attempts to install software on ma

38:30 Using responder to intercept the WinRM Connection and then use hashcat to crac

42:40 Using CrackMapExec with our cracked credentials discovering we can access a fi

45:00 Installing Jamovi then finding out the XSS and proving RCE with Calc. Setting

53:20 Creating a web cradle to execute a reverse shell, in typical ippsec fashion ha

56:20 Fixed up the web cradle, reverse shell returned. Some light enumeration and ta

1:00:00 Start of certificate exploit, downloading tools certify, rubeus, ADCS, PowerVi

1:04:45 Running Certify to find vulnerable certificates, we can edit the certificate t

1:08:00 Running Get-SmartCardCertificate and then checking certificate store to see we

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →