HackTheBox - Certificate

Name: HackTheBox - Certificate
Uploaded: 2025-10-04T15:00:00Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 04:00 - Checking out the website and registering a user 07:15 - Discovering upload functionality, that lets u...

IppSec · Beginner ·🔍 RAG & Vector Search ·5mo ago

00:00 - Introduction 01:00 - Start of nmap 04:00 - Checking out the website and registering a user 07:15 - Discovering upload functionality, that lets us upload PHP Files. Explaining what a Null Byte will may do in a zip file 12:00 - Using BurpSuite to manipulate the hex and add a Null Byte in the filename shell.php..pdf, so when unzipped it becomes shell.php 16:00 - Talking about the Zip Stack or Concatenation Attack, where we stack two zips on top of eachother. Some Zip Programs read he first file, others read the second 20:30 - Shell on the box, dumping hashes out of the database and cracki…

Watch on YouTube ↗ (saves to browser)

Chapters (12)

Introduction

1:00 Start of nmap

4:00 Checking out the website and registering a user

7:15 Discovering upload functionality, that lets us upload PHP Files. Explaining wh

12:00 Using BurpSuite to manipulate the hex and add a Null Byte in the filename shel

16:00 Talking about the Zip Stack or Concatenation Attack, where we stack two zips o

20:30 Shell on the box, dumping hashes out of the database and cracking hashes

27:00 Getting a Shell as Sara.B, discovering a PCAP which contains a Kerberos Auth.

36:10 Shell as Lion.SK, looking at groups and also running RustHound to see we have

39:50 Running Certipy to list vulnerable certificates which shows ESC3, we can't req

43:20 Running some powershell commands to look at groups and members of groups to di

48:00 Exploiting SeManageVolumePrivilegee and then extracting the CA Certificate to

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →