HackTheBox - Fluffy

Name: HackTheBox - Fluffy
Uploaded: 2025-09-20T15:00:37Z
Channel: IppSec
Description: 00:00 - Introduction 00:52 - Start of nmap 03:15 - Running NXC with the credentials we are given and kerberoasting 06:20 - Running Rusthound, still not ...

IppSec · Beginner ·🛡️ AI Safety & Ethics ·6mo ago

00:00 - Introduction 00:52 - Start of nmap 03:15 - Running NXC with the credentials we are given and kerberoasting 06:20 - Running Rusthound, still not finding all that much 09:12 - Looking at file shares, discovering a PDF on a writable share that states the server is vulnerable to CVE-2025-24071 13:50 - Making a malicious zip file by putting the .libary-ms file inside of the zip that points to our box, using responder to steal and crack the hash 18:50 - Identifying P.AGILA can add themself to Service Account Managers and take over Service Accounts 22:22 - Using BloodyAD to add ourself to a g…

Watch on YouTube ↗ (saves to browser)

Chapters (9)

Introduction

0:52 Start of nmap

3:15 Running NXC with the credentials we are given and kerberoasting

6:20 Running Rusthound, still not finding all that much

9:12 Looking at file shares, discovering a PDF on a writable share that states the

13:50 Making a malicious zip file by putting the .libary-ms file inside of the zip t

18:50 Identifying P.AGILA can add themself to Service Account Managers and take over

22:22 Using BloodyAD to add ourself to a group, then certipy to use shadow credentia

26:00 Using Certipy to identify and exploit AD ESC 16

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →