HackTheBox - Atom

Name: HackTheBox - Atom
Uploaded: 2021-07-10T15:00:01Z
Channel: IppSec
Description: 00:00 - Intro 00:50 - Start of nmap 02:15 - Running RPCDump which shows if this is vulnerable to PrintNightmare (Exploit it later) 03:00 - Examining the...

IppSec · Beginner ·📰 AI News & Updates ·4y ago

00:00 - Intro 00:50 - Start of nmap 02:15 - Running RPCDump which shows if this is vulnerable to PrintNightmare (Exploit it later) 03:00 - Examining the webpage 04:15 - Explaining why i use lowercase wordlists on against Windows Webservers 06:00 - Listing shares with smbclient to find an open share 07:30 - Decompiling the Electron installer/app with asar 12:00 - Everything is extracted looking at package.json and main.js to find electron-updater 14:10 - Searching for exploits within Electron 15:30 - Using MSFVENOM to build a reverse shell 16:45 - Editing our installer YAML to point to our reve…

Watch on YouTube ↗ (saves to browser)

Chapters (26)

Intro

0:50 Start of nmap

2:15 Running RPCDump which shows if this is vulnerable to PrintNightmare (Exploit i

3:00 Examining the webpage

4:15 Explaining why i use lowercase wordlists on against Windows Webservers

6:00 Listing shares with smbclient to find an open share

7:30 Decompiling the Electron installer/app with asar

12:00 Everything is extracted looking at package.json and main.js to find electron-u

14:10 Searching for exploits within Electron

15:30 Using MSFVENOM to build a reverse shell

16:45 Editing our installer YAML to point to our reverse shell

19:30 Putting the files on the share and getting our reverse shell

21:30 Exploring the box to find PortableKanban

22:30 Copying the config to our box so we can extract the database password

25:40 Using CyberChef to decrypt the Portable Kanban password

28:20 Authenticating to Redit-CLI and dumping the user information to get administra

30:30 Using rundll32 to create a memory dump of LSASS so we can extract a password

32:30 Downloading lsass.dmp with evil-winrm

35:30 Using Pypykatz to parse the dump file and get Jason's password

38:30 Building our environment to perform CVE-2021-1675 (PrintNightmare)

42:50 Using PrintNightmare to connect to our netcat to verify it is vulnerable

44:20 Building a DLL to send a reverse shell

46:50 Having trouble with Impacket's SMBServer, configuring our local SMBD to work w

49:20 Reading more errors from impacket to verify we do have code execution

50:10 Giving a file that doesn't exist to see another error... More verifying that t

51:20 Giving it our ReverseShell DLL to get a reverse shell

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HackTheBox - Atom

Chapters (26)

Playlist

Lesson complete!