HackTheBox - Response

Name: HackTheBox - Response
Uploaded: 2023-02-04T15:00:00Z
Channel: IppSec
Description: 00:00 - Intro 01:00 - Start of nmap 03:45 - Discovering the /status/ page which gives us some information on how to use the Proxy 13:30 - Start of codin...

IppSec · Intermediate ·🔐 Cybersecurity ·3y ago

00:00 - Intro 01:00 - Start of nmap 03:45 - Discovering the /status/ page which gives us some information on how to use the Proxy 13:30 - Start of coding our own proxy 23:30 - Downloading the source code to the chat application 26:45 - Modifying our proxy to forward all requests to chat.reponse.htb and adding a webserver to it 39:00 - Web Proxy is up! But we need to replace some URL's to send everything through our proxy 42:50 - Adding POST Request support 52:00 - Post request working! Can login with Guest and talk to Bob over the chat 55:30 - Discovering the login request also sends a LDAP S…

Watch on YouTube ↗ (saves to browser)

Chapters (27)

Intro

1:00 Start of nmap

3:45 Discovering the /status/ page which gives us some information on how to use th

13:30 Start of coding our own proxy

23:30 Downloading the source code to the chat application

26:45 Modifying our proxy to forward all requests to chat.reponse.htb and adding a w

39:00 Web Proxy is up! But we need to replace some URL's to send everything through

42:50 Adding POST Request support

52:00 Post request working! Can login with Guest and talk to Bob over the chat

55:30 Discovering the login request also sends a LDAP Server, we can point the login

59:00 Using ChatGPT to Give us the hex to a successful LDAP Bind, so we can login af

1:04:30 Logged in with admin!

1:06:15 Building a Cross Site Protocol Forgery payload to connect to the FTP Server, s

1:15:40 Sending bob the malicious payload and using FTP on his behalf

1:19:40 Going over scan.sh

1:25:50 Doing some LDAP Requests to see how its all setup

1:34:02 Having the scan.sh scan our box by adding details into the LDAP Database

1:37:10 Setting up an HTTPS Server on port 443, so it can scan it

1:39:00 Using DNSMasq to setup a DNS Server on port 8053, and having IPTables redirect

1:45:00 Starting a SMTPD Server, then creating a malicious certificate so we can explo

1:53:00 Going over the Incident Report, then looking at the PCAP

1:56:15 Starting to parse the meterpreter packets, showing it in wireshark

2:00:50 Using Scapy to extract the meterpreter tcp stream to a file

2:05:30 Starting a python script to parse the meterpreter data

2:10:30 Extracting the TLV for unencrypted packets

2:14:13 Using Bulk_Extractor which extracts the AES Key from the core dump, its able t

2:19:30 Decrypting the TLV, then adding definitions f

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →