HackTheBox - APT

Name: HackTheBox - APT
Uploaded: 2021-04-10T15:00:04Z
Channel: IppSec
Description: 00:00 - Intro 01:42 - Start of nmap and poking at the webserver 09:45 - Looking into MSRPC, showing MSF info overflow which is why I had historically ig...

IppSec · Beginner ·🔐 Cybersecurity ·4y ago

00:00 - Intro 01:42 - Start of nmap and poking at the webserver 09:45 - Looking into MSRPC, showing MSF info overflow which is why I had historically ignored it 14:10 - Poking at RPC with Impacket's RPCMap 18:30 - Converting a RPC Script to get IPv6 address from Python2 to Python3 20:15 - Using nmap to scan the IPv6 Address 22:30 - Showing how I would enumerate a Firewall, nothing works here but something I do. 27:30 - Finding SMB accepts anonymous users and contains an Active Directory Backup 32:45 - Using Impacket's SecretsDump to extract the NTDS.DIT with password last set, user status, and…

Watch on YouTube ↗ (saves to browser)

Chapters (24)

Intro

1:42 Start of nmap and poking at the webserver

9:45 Looking into MSRPC, showing MSF info overflow which is why I had historically

14:10 Poking at RPC with Impacket's RPCMap

18:30 Converting a RPC Script to get IPv6 address from Python2 to Python3

20:15 Using nmap to scan the IPv6 Address

22:30 Showing how I would enumerate a Firewall, nothing works here but something I d

27:30 Finding SMB accepts anonymous users and contains an Active Directory Backup

32:45 Using Impacket's SecretsDump to extract the NTDS.DIT with password last set, u

41:15 Using KerBrute to enumerate valid users on the box based upon the AD Backup

49:15 Using PyKerbrute to bruteforce Henry.Vinson's account

1:04:00 Using Socat + CrackMapExec to enumerate IPv6 (if i updated CME, it would be ab

1:08:00 Using Impacket's reg.py to query Windows Registry remotely from linux

1:17:30 Using Evil-WINRM to run WinPEAS/Seatbelt and bypass AMSI

1:26:00 Some good information talking about LmCompatibilityLevel and NetNTLMv1

1:29:15 Unintended method. Using Defender to make a SMB Request then decrypting the N

1:30:50 Editing responder to use a pre-set challenge (1122334455667788 used by Crack.S

1:35:30 Modifying RoguePotato to allow for IPv6

1:41:15 RoguePotato flagged by defender... Some weird AV Bypass...

1:48:30 Showing the Compiler flags will make RoguePotato undetectable by defender

1:58:05 RoguePotato working, lets start modifying impacket to allow us to stand up an

2:21:03 Start debugging our impacket studd with pdb set_trace

2:30:00 Got the NetNTLM v1 hash from Rogue Potato

2:39:50 Cleaning up notes

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →