HackTheBox - Jab

Name: HackTheBox - Jab
Uploaded: 2024-06-29T15:10:37Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 04:25 - Opening Pidgin to register with the Jabber Server then look at chatrooms 10:15 - Opening the XMPP Con...

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

00:00 - Introduction 01:00 - Start of nmap 04:25 - Opening Pidgin to register with the Jabber Server then look at chatrooms 10:15 - Opening the XMPP Console so we can copy users to build the username list 11:50 - Running Kerbrute against the users to get a few ASREP Roast Hashes 15:45 - Having issues cracking the hash, need to specify downgrade on kerbrute 19:30 - Running bloodhound with jmontgomery 21:00 - Logged into jabber with jmontgomery, discover a new chatroom which has creds to svc_openfire user 22:55 - Opening bloodhound to discover svc_openfire can ExecuteDCOM 27:30 - Modifying NXC t…

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduction

1:00 Start of nmap

4:25 Opening Pidgin to register with the Jabber Server then look at chatrooms

10:15 Opening the XMPP Console so we can copy users to build the username list

11:50 Running Kerbrute against the users to get a few ASREP Roast Hashes

15:45 Having issues cracking the hash, need to specify downgrade on kerbrute

19:30 Running bloodhound with jmontgomery

21:00 Logged into jabber with jmontgomery, discover a new chatroom which has creds t

22:55 Opening bloodhound to discover svc_openfire can ExecuteDCOM

27:30 Modifying NXC to allow us to ExecuteDCOM without admin permissions

30:00 Using impacket's DcomEXEC to get a shell on the box

34:55 Forwarding port 9090 to our box so we can access the OpenFire management websi

37:15 Uploading a malicious plugin to the OpenFire service

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →