HackTheBox - Forest

Name: HackTheBox - Forest
Uploaded: 2020-03-21T14:01:21Z
Channel: IppSec
Description: 00:00 - Intro 01:15 - Running NMAP and queuing a second nmap to do all ports 05:40 - Using LDAPSEARCH to extract information out of Active Directory 08:...

IppSec · Beginner ·🔐 Cybersecurity ·6y ago

00:00 - Intro 01:15 - Running NMAP and queuing a second nmap to do all ports 05:40 - Using LDAPSEARCH to extract information out of Active Directory 08:30 - Dumping user information from AD via LDAP then creating a wordlist of users 12:10 - Creating a custom wordlist for password spraying with some bashfu and hashcat 18:30 - Using CrackMapExec to dump the password policy of Active Directory using a null authentication, then doing a Password Spray 22:00 - Enumerating information out of AD using rpcclient and null authentication 28:10 - Now that our PWSpray is running in the background, lets go …

Watch on YouTube ↗ (saves to browser)

Chapters (22)

Intro

1:15 Running NMAP and queuing a second nmap to do all ports

5:40 Using LDAPSEARCH to extract information out of Active Directory

8:30 Dumping user information from AD via LDAP then creating a wordlist of users

12:10 Creating a custom wordlist for password spraying with some bashfu and hashcat

18:30 Using CrackMapExec to dump the password policy of Active Directory using a nul

22:00 Enumerating information out of AD using rpcclient and null authentication

28:10 Now that our PWSpray is running in the background, lets go through Impacket Sc

29:30 Using GetNPUsers to perform an ASREP Roast (Kerberos PreAuth) with Null Authen

36:20 Using Evil-WinRM to get a shell on the box with SVC-ALFRESCO's credentials

37:30 Setting up a SMBShare, using New-PSDRive to mount the share, then running WinP

42:20 Going over WinPEAS Output

44:20 Downloading Bloodhound and the SharpHound Ingestor

48:50 Importing the Bloodhound Results and finding an AD Attack Path

52:10 Going over the Account Operators Group (will allow us to create an account)

53:30 Using Net User to create a new user, then adding it to the Exchange Group

58:40 Downloading the PowerSploit Dev Branch to utilize the function "Add-DomainObje

1:01:40 Some basic troubleshooting when the command goes wrong, then giving ippsec the

1:02:30 Performing SecretsDump to perform a DCSync and extract hashes, then PSEXEC wit

1:07:10 Going over the "--users" option in hashcat so you can easily identify whos has

1:10:43 Using the KRBTGT Hash to perform the GoldenTicket attack from Linux

1:35:11 Showing it worked, Issues were we could not use IP Addresses anywhere in the c

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →