HackTheBox - Giddy

IppSec · Beginner ·🔐 Cybersecurity ·7y ago

Skills: AI Security90%Tool Use & Function Calling80%Defensive AI70%SQL Analytics60%

01:00 - Begin of intro 02:17 - Examining port 80 and 443 03:15 - Using gobuster to discover directories 04:20 - /remote discovered, nothing to do here 05:25 - /mvc discovered 06:15 - SQL Injection everywhere 09:15 - Attempt to perform union injection on search 10:15 - Having trouble, send to SQLMap look at other places in the applicaiton 12:20 - SQLMap having trouble with search SQL, change to ITEM 16:50 - Attempting XP_CMDSHELL (Fails) 19:50 - Using XP_DIRTREE to read files off SMBShare 23:30 - Use Responder to steal the authentication attempt of XP_DIRTREE 25:00 - Cracking the NetNTLMv2 Hash 26:00 - Logging into /remote with cracked credentials 26:40 - Discovering unifi video is installed, this has a known privesc 29:30 - Attempting to use Meterpreter. (Fail: AV) 32:15 - Grabbing and compiling a DotNet Reverse Shell 35:15 - Actually compiling the reverse shell 38:58 - Using xcopy to copy our reverse shell to the victim 39:00 - Attempting to find Unifi Service name so we can restart it. End up searching registry due to permission issues. 42:10 - Restarting Unifi Service so it executes TaskKill.exe # Box Done 44:25 - Start of Bypassing AppLocker Bypass by copying executable into a directory under Windows 45:50 - Escaping powershell constrained mode with PSBypassCLM 60:25 - Showing the Powershell History file which contained a hint at Unifi

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: AI Security

View skill →

Managing Threat Intelligence with Cortex XSOAR

SECURE Your App with Roles and Permissions in Spring Security!

SECURE Your App with Roles and Permissions in Spring Security!

TheCodeAlchemist

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Warning! Python Remote Keylogger (this is really too easy!)

Warning! Python Remote Keylogger (this is really too easy!)

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Microsoft Developer

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Amazon Web Services

Related AI Lessons

LetsDefend — Investigate Web Attack

Investigate web attack logs from the bWAPP application to learn about cybersecurity threats and how to defend against them

Medium · Cybersecurity

Breaking OAuth Trust: An Analysis of CVE-2026–45430 in Backdrop CMS

Learn about the critical OAuth vulnerability CVE-2026-45430 in Backdrop CMS and its implications for cybersecurity

Medium · Cybersecurity

Discord now encrypts every voice and video call by default, and not even it can listen in

Discord enables end-to-end encryption for all voice and video calls, ensuring private conversations

The Next Web AI

Mythic C2 Server ile AS-REP Roasting Attack ve Splunk ile Detection

Learn to detect AS-REP Roasting attacks using Splunk and understand how Mythic C2 Server is used in such attacks

Medium · Cybersecurity

Chapters (24)

1:00 Begin of intro

2:17 Examining port 80 and 443

3:15 Using gobuster to discover directories

4:20 /remote discovered, nothing to do here

5:25 /mvc discovered

6:15 SQL Injection everywhere

9:15 Attempt to perform union injection on search

10:15 Having trouble, send to SQLMap look at other places in the applicaiton

12:20 SQLMap having trouble with search SQL, change to ITEM

16:50 Attempting XP_CMDSHELL (Fails)

19:50 Using XP_DIRTREE to read files off SMBShare

23:30 Use Responder to steal the authentication attempt of XP_DIRTREE

25:00 Cracking the NetNTLMv2 Hash

26:00 Logging into /remote with cracked credentials

26:40 Discovering unifi video is installed, this has a known privesc

29:30 Attempting to use Meterpreter. (Fail: AV)

32:15 Grabbing and compiling a DotNet Reverse Shell

35:15 Actually compiling the reverse shell

38:58 Using xcopy to copy our reverse shell to the victim

39:00 Attempting to find Unifi Service name so we can restart it. End up searching r

42:10 Restarting Unifi Service so it executes TaskKill.exe

44:25 Start of Bypassing AppLocker Bypass by copying executable into a directory und

45:50 Escaping powershell constrained mode with PSBypassCLM

1:00:25 Showing the Powershell History file which contained a hint at Unifi

How do I resolve the "Kernel panic - not syncing" error in my EC2 instance?

Amazon Web Services