HackTheBox - Response

00:00 - Intro 01:00 - Start of nmap 03:45 - Discovering the /status/ page which gives us some information on how to use the Proxy 13:30 - Start of coding our own proxy 23:30 - Downloading the source code to the chat application 26:45 - Modifying our proxy to forward all requests to chat.reponse.htb and adding a webserver to it 39:00 - Web Proxy is up! But we need to replace some URL's to send everything through our proxy 42:50 - Adding POST Request support 52:00 - Post request working! Can login with Guest and talk to Bob over the chat 55:30 - Discovering the login request also sends a LDAP Server, we can point the login request to a ldap we control 59:00 - Using ChatGPT to Give us the hex to a successful LDAP Bind, so we can login after poisoning the LDAP Server 1:04:30 - Logged in with admin! 1:06:15 - Building a Cross Site Protocol Forgery payload to connect to the FTP Server, showing it work against us 1:15:40 - Sending bob the malicious payload and using FTP on his behalf 1:19:40 - Going over scan.sh 1:25:50 - Doing some LDAP Requests to see how its all setup 1:34:02 - Having the scan.sh scan our box by adding details into the LDAP Database 1:37:10 - Setting up an HTTPS Server on port 443, so it can scan it 1:39:00 - Using DNSMasq to setup a DNS Server on port 8053, and having IPTables redirect DNS Requests from the target to that port 1:45:00 - Starting a SMTPD Server, then creating a malicious certificate so we can exploit the NSE Script and extract an ssh key 1:53:00 - Going over the Incident Report, then looking at the PCAP 1:56:15 - Starting to parse the meterpreter packets, showing it in wireshark 2:00:50 - Using Scapy to extract the meterpreter tcp stream to a file 2:05:30 - Starting a python script to parse the meterpreter data 2:10:30 - Extracting the TLV for unencrypted packets 2:14:13 - Using Bulk_Extractor which extracts the AES Key from the core dump, its able to identify it via Key Expansion 2:19:30 - Decrypting the TLV, then adding definitions f