HackTheBox - Manager

Name: HackTheBox - Manager
Uploaded: 2024-03-16T14:59:20Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of Nmap 03:20 - Checking out the website, deciding there isn't much of interest here 05:10 - Running Kerbrute with a ...

IppSec · Beginner ·📊 Data Analytics & Business Intelligence ·2y ago

00:00 - Introduction 01:00 - Start of Nmap 03:20 - Checking out the website, deciding there isn't much of interest here 05:10 - Running Kerbrute with a userlist to identify valid users 05:50 - Showing what Kerbrute is doing with NetExec 09:00 - A better way to enumerate valid users, RID Bruteforce, showing it with NetExec 10:50 - Using RPCClient to show how RID Bruteforce works 14:00 - Using NetExec to bruteforce users with the password of their username 17:55 - Showing off the NetExec Database 19:30 - Switching over to testing accounts for MSSQL Access with NetExec 21:20 - Using Impacket's MS…

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduction

1:00 Start of Nmap

3:20 Checking out the website, deciding there isn't much of interest here

5:10 Running Kerbrute with a userlist to identify valid users

5:50 Showing what Kerbrute is doing with NetExec

9:00 A better way to enumerate valid users, RID Bruteforce, showing it with NetExec

10:50 Using RPCClient to show how RID Bruteforce works

14:00 Using NetExec to bruteforce users with the password of their username

17:55 Showing off the NetExec Database

19:30 Switching over to testing accounts for MSSQL Access with NetExec

21:20 Using Impacket's MSSQLClient to access the MSSQL Server and running XP_DIRTREE

23:20 Finding a credential for Raven in the backup file

26:50 Using Certipy to find out the server is exploitable to ADCS ESC7, then exploit

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →