HackTheBox - DropZone

IppSec · Beginner ·🔐 Cybersecurity ·7y ago

Skills: Security Basics80%AI Security70%Defensive AI60%

01:00 - Start of Recon 02:15 - TFTP Enumeration - Identifying configuration and OS information 06:32 - Finding a path to code execution 07:17 - Examining PSExec Metasploit Module 08:55 - Using irb within metasploit to print a powershell payload 12:30 - Examining PsExec() 15:40 - Examining native_upload 18:10 - Examining mof_upload 20:34 - Using irb within metasploit to print the MOF File 22:35 - Quick explanation of MOF Files 25:05 - Modifying the MOF to run NetCat 27:30 - Uploading nc to the target 28:50 - Uploading the malicious MOF File and getting a shell! 29:50 - Using Streams to view Hidden text within ADS ==== Box Done, Lets play with MSF 33:08 - Start of Bonus Content, finging a TFTP Exploit that uses MOF 35:05 - Attempting to use distrinct_ftp_traversal against DropZone 36:30 - Installing pry.byebug in order to allow us to drop to a debug console and step through metasploit modules 40:50 - Testing out pry.byebug 42:30 - Finding why the exploit module didn't work 44:50 - Module still doesn't work, TFTP Stopping mid transfer 49:30 - Whoops, changed the delay on the wrong timeout 51:00 - Meterpreter Shell returned, showing off the extended API and some WMI Commands.

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Security Basics

View skill →

HackTheBox - Analytics

HackTheBox - Analytics

AWS Security Agent (Preview) Overview - Frontier Agent for Proactive AppSec | Amazon Web Services

AWS Security Agent (Preview) Overview - Frontier Agent for Proactive AppSec | Amazon Web Services

Amazon Web Services

HOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! - uXSS CVE-2018-6128

HOW FRCKN' HARD IS IT TO UNDERSTAND A URL?! - uXSS CVE-2018-6128

Secure Hash Algorithms Using Python- SHA256,SHA384,SHA224,SHA512,SHA1- Hashing In BlockChain

Secure Hash Algorithms Using Python- SHA256,SHA384,SHA224,SHA512,SHA1- Hashing In BlockChain

Bruteforce 32bit Stack Cookie. stack0: part 3 - bin 0x23

Bruteforce 32bit Stack Cookie. stack0: part 3 - bin 0x23

Configure and Deploy AWS Client VPN

Configure and Deploy AWS Client VPN

Related AI Lessons

Guarding the AI Revolution: Inside AI-Guardian 1.7 and 1.8

Learn about AI-Guardian 1.7 and 1.8, the latest tools to secure AI-powered coding assistants, and why they matter for software development

Medium · Cybersecurity

LetsDefend — Investigate Web Attack

Investigate web attack logs from the bWAPP application to learn about cybersecurity threats and how to defend against them

Medium · Cybersecurity

Breaking OAuth Trust: An Analysis of CVE-2026–45430 in Backdrop CMS

Learn about the critical OAuth vulnerability CVE-2026-45430 in Backdrop CMS and its implications for cybersecurity

Medium · Cybersecurity

Discord now encrypts every voice and video call by default, and not even it can listen in

Discord enables end-to-end encryption for all voice and video calls, ensuring private conversations

The Next Web AI

Chapters (22)

1:00 Start of Recon

2:15 TFTP Enumeration - Identifying configuration and OS information

6:32 Finding a path to code execution

7:17 Examining PSExec Metasploit Module

8:55 Using irb within metasploit to print a powershell payload

12:30 Examining PsExec()

15:40 Examining native_upload

18:10 Examining mof_upload

20:34 Using irb within metasploit to print the MOF File

22:35 Quick explanation of MOF Files

25:05 Modifying the MOF to run NetCat

27:30 Uploading nc to the target

28:50 Uploading the malicious MOF File and getting a shell!

29:50 Using Streams to view Hidden text within ADS

33:08 Start of Bonus Content, finging a TFTP Exploit that uses MOF

35:05 Attempting to use distrinct_ftp_traversal against DropZone

36:30 Installing pry.byebug in order to allow us to drop to a debug console and step

40:50 Testing out pry.byebug

42:30 Finding why the exploit module didn't work

44:50 Module still doesn't work, TFTP Stopping mid transfer

49:30 Whoops, changed the delay on the wrong timeout

51:00 Meterpreter Shell returned, showing off the extended API and some WMI Commands

How do I resolve the "Kernel panic - not syncing" error in my EC2 instance?

Amazon Web Services