HackTheBox - POV

Name: HackTheBox - POV
Uploaded: 2024-06-08T15:00:05Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 02:45 - Discovering the Dev Subdomain 04:00 - Playing with the Resume Download, discovering a File Disclosure...

IppSec · Beginner ·🔐 Cybersecurity ·1y ago

00:00 - Introduction 01:00 - Start of nmap 02:45 - Discovering the Dev Subdomain 04:00 - Playing with the Resume Download, discovering a File Disclosure Vulnerability 05:40 - Discovering some odd behavior with ../, its just a replace. Grabbing web.config 08:15 - Using YsoSerial.Net to create a malicious ViewState Gadget, be careful with command prompt and single quotes! 12:00 - Getting a reverse shell with a web cradle 14:10 - Shell returned, discovering a Password stored with Secure String, decrypting it 17:40 - Showing the password, using Invoke-Command to switch users but having trouble ge…

Watch on YouTube ↗ (saves to browser)

Chapters (12)

Introduction

1:00 Start of nmap

2:45 Discovering the Dev Subdomain

4:00 Playing with the Resume Download, discovering a File Disclosure Vulnerability

5:40 Discovering some odd behavior with ../, its just a replace. Grabbing web.conf

8:15 Using YsoSerial.Net to create a malicious ViewState Gadget, be careful with co

12:00 Getting a reverse shell with a web cradle

14:10 Shell returned, discovering a Password stored with Secure String, decrypting i

17:40 Showing the password, using Invoke-Command to switch users but having trouble

23:00 Method 1: Using Meterpreter to take advantage of SeDebug by Migrating into ano

24:45 Method 2: Showing RunasCS will get us the debug permission but PSGetSys script

29:45 Method 2.5: Disabling the firewall and showing Evil-WINRM works with PSGetSys,

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →