HackTheBox - Reel

IppSec · Beginner ·🔐 Cybersecurity ·7y ago

Skills: Ethical Hacking & Pen Testing90%Network Security80%

00:42 - Begin of Nmap 04:23 - Examining the anonymous FTP Directory and discovering email addresses in Meta Data 06:50 - Manually enumerating valid email addresses via SMTP 10:50 - Creating a "Canary Document" in Word to ping back to our server when a word document is opened 13:14 - Generating a malicious RTF Document (CVE-2017-0199) 26:28 - Shell Returned. Enumerating the AppLocker Policy 32:53 - Decrypting a PowerShell Secure String to reveal Tom's Password, Testing access with SSH 35:22 - Lets forget we had Tom and run Bloodhound from Nico! 40:30 - First time opening BloodHound on this box. 49:45 - Lets update Bloodhound, looks like some data is missing and there were errors when running it 53:25 - Finding a path from Nico to BACKUP_ADMINS and explaining Active Directory (AD) Security Objects (GenericWrite, WriteOwner,etc) 58:23 - Taking Ownership over Herman then allowing Nico to change his password and examining bloodhound 01:01:40 - Adding Herman to the Backup_Admins group 01:04:30 - Finding the Administrator Password within backup scripts. 01:07:00 - Attempting to run Watson (ends up not working) 01:23:22 - Using Metasploit to do the box 01:25:42 - Since Watson failed, lets just look at last patch times on the box to get an idea whats vulnerable. 01:27:19 - Attempting to do the ALPC Exploit within Metasploit 01:31:00 - That failed - Lets just prove the box is vulnerable, by overwriting a DLL

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Ethical Hacking & Pen Testing

View skill →

HackTheBox - Photobomb

HackTheBox - Photobomb

VulnHub - Sokar

VulnHub - Sokar

HackTheBox - Multimaster

HackTheBox - Multimaster

Hacking a Smart Camera: IoT Hacking With Andrew Bellini (Part 3)

Hacking a Smart Camera: IoT Hacking With Andrew Bellini (Part 3)

The Cyber Mentor

Ethical Password Cracking

Ethical Password Cracking

Exploitation and Penetration Testing with Metasploit

Exploitation and Penetration Testing with Metasploit

Related AI Lessons

Guarding the AI Revolution: Inside AI-Guardian 1.7 and 1.8

Learn about AI-Guardian 1.7 and 1.8, the latest tools to secure AI-powered coding assistants, and why they matter for software development

Medium · Cybersecurity

LetsDefend — Investigate Web Attack

Investigate web attack logs from the bWAPP application to learn about cybersecurity threats and how to defend against them

Medium · Cybersecurity

Breaking OAuth Trust: An Analysis of CVE-2026–45430 in Backdrop CMS

Learn about the critical OAuth vulnerability CVE-2026-45430 in Backdrop CMS and its implications for cybersecurity

Medium · Cybersecurity

Discord now encrypts every voice and video call by default, and not even it can listen in

Discord enables end-to-end encryption for all voice and video calls, ensuring private conversations

The Next Web AI

Chapters (19)

0:42 Begin of Nmap

4:23 Examining the anonymous FTP Directory and discovering email addresses in Meta

6:50 Manually enumerating valid email addresses via SMTP

10:50 Creating a "Canary Document" in Word to ping back to our server when a word do

13:14 Generating a malicious RTF Document (CVE-2017-0199)

26:28 Shell Returned. Enumerating the AppLocker Policy

32:53 Decrypting a PowerShell Secure String to reveal Tom's Password, Testing access

35:22 Lets forget we had Tom and run Bloodhound from Nico!

40:30 First time opening BloodHound on this box.

49:45 Lets update Bloodhound, looks like some data is missing and there were errors

53:25 Finding a path from Nico to BACKUP_ADMINS and explaining Active Directory (AD)

58:23 Taking Ownership over Herman then allowing Nico to change his password and exa

1:01:40 Adding Herman to the Backup_Admins group

1:04:30 Finding the Administrator Password within backup scripts.

1:07:00 Attempting to run Watson (ends up not working)

1:23:22 Using Metasploit to do the box

1:25:42 Since Watson failed, lets just look at last patch times on the box to get an i

1:27:19 Attempting to do the ALPC Exploit within Metasploit

1:31:00 That failed - Lets just prove the box is vulnerable, by overwriting a DLL

How do I resolve the "Kernel panic - not syncing" error in my EC2 instance?

Amazon Web Services