HackTheBox - Overwatch

IppSec · Beginner ·🔐 Cybersecurity ·5d ago

Skills: Network Security90%

00:00 - Introduction 00:45 - Start of nmap 03:00 - Null Authentication lets us list open shares 05:30 - Using SMBClient and downloading the overwatch binary and config from the fileshare 08:40 - Using ilSpycmd to decompile the dotnet from Linux 10:04 - Looking at the overwatch source, which is a WCF (Windows Communication Foundation) Binary 14:00 - Taking nmap allports output, doing some bashful to get a list of open ports to do our normal nmap against the open ports 17:40 - Finding MSSQL on port 6520, we can login. The Enum_Links shows an SQL Server, it hangs and says the host SQL07 doesn't exist 21:45 - Using BloodyAD to show AD Attributes we can write to, discover we can create DNS Entries, then creating a DNS Entry for SQL07 to point back to us and then getting the SQLMGMT user credentials 25:00 - Looking at the WCF Endpoint, examining the WSDL and explaining it a little bit 26:30 - Executing endpoints in the WCF Endpoint from PowerShell with New-WebServiceProxy and getting RCE on the server 33:00 - Showing how we could have enumerated services from our first shell

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

More on: Network Security

View skill →

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

Building a High-throughput VPN

Configuring Network Connectivity Center as a Transit Hub

VPC Flow Logs - Analyzing Network Traffic

HackTheBox - Intentions

HackTheBox - Intentions

Google Cloud Packet Mirroring with OpenSource IDS

Related AI Lessons

XSS Nedir ve Neden Hâlâ Tehlikeli? | Bir Siber Güvenlik Öğrencisinin Notları

Learn about XSS attacks and their ongoing threat to web security

Medium · Cybersecurity

Beyond Repo Scanning: How AIRI Expanded the Risk Vocabulary in STEM BIO-AI 1.7.x

Learn how AIRI expanded risk vocabulary in STEM BIO-AI 1.7.x beyond repo scanning

Dev.to · Kwansub Yun

GitGuardian Now Flags Admin and Overprivileged Identities Across AWS, Entra, and Okta

Learn how to identify and manage admin and overprivileged identities across AWS, Entra, and Okta using GitGuardian

Dev.to · Dwayne McDaniel

‘Won’t Fix’—All VPN Apps Affected As Google Android 16 Leaks Info

Android 16 has a VPN bypass vulnerability exposing real IP addresses, but Google won't fix it

Forbes Innovation

Chapters (12)

Introduction

0:45 Start of nmap

3:00 Null Authentication lets us list open shares

5:30 Using SMBClient and downloading the overwatch binary and config from the files

8:40 Using ilSpycmd to decompile the dotnet from Linux

10:04 Looking at the overwatch source, which is a WCF (Windows Communication Foundat

14:00 Taking nmap allports output, doing some bashful to get a list of open ports to

17:40 Finding MSSQL on port 6520, we can login. The Enum_Links shows an SQL Server,

21:45 Using BloodyAD to show AD Attributes we can write to, discover we can create D

25:00 Looking at the WCF Endpoint, examining the WSDL and explaining it a little bit

26:30 Executing endpoints in the WCF Endpoint from PowerShell with New-WebServicePro

33:00 Showing how we could have enumerated services from our first shell

Data Management and Privacy Practices for Professionals