HackTheBox - Querier

Name: HackTheBox - Querier
Uploaded: 2019-06-22T14:59:15Z
Channel: IppSec
Description: 00:50 - Begin of Reocn 03:30 - Using SMBMap to enumerate fileshares 05:45 - Discovering an Excel Macro File 09:25 - Using olevba to extract macro from t...

IppSec · Intermediate ·📊 Data Analytics & Business Intelligence ·6y ago

00:50 - Begin of Reocn 03:30 - Using SMBMap to enumerate fileshares 05:45 - Discovering an Excel Macro File 09:25 - Using olevba to extract macro from the document to discover credentials 11:15 - Using MSSQLClient.py from Impacket to log into the SQL Server 12:15 - Doing the SQL CMD:XP_DIRTREE to read a file off a UNC Share to steal the hash with Responder 13:15 - Cracking the NetNTLMv2 Hash 14:11 - Explaining the Responder Database file to view previously captured hashes 16:30 - Logging into the SQL Server with the cracked account, then doing XP_CMDSHELL to run commands 17:50 - Getting a Nish…

Watch on YouTube ↗ (saves to browser)

Chapters (15)

0:50 Begin of Reocn

3:30 Using SMBMap to enumerate fileshares

5:45 Discovering an Excel Macro File

9:25 Using olevba to extract macro from the document to discover credentials

11:15 Using MSSQLClient.py from Impacket to log into the SQL Server

12:15 Doing the SQL CMD:XP_DIRTREE to read a file off a UNC Share to steal the hash

13:15 Cracking the NetNTLMv2 Hash

14:11 Explaining the Responder Database file to view previously captured hashes

16:30 Logging into the SQL Server with the cracked account, then doing XP_CMDSHELL t

17:50 Getting a Nishang Reverse Shell

22:00 Running PowerUp, doing Invoke-ServiceAbuse and discovering creds in an old Gro

26:30 Going back to the password disclosed via Group Policy and discovering they are

28:00 Explaining how the PowerUp module decrypted a password out of Group Policy

29:10 Getting VIM to highlight the syntax of Powershell

34:50 Rooting the box with Invoke-ServiceAbuse

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →