HackTheBox - Sauna

Name: HackTheBox - Sauna
Uploaded: 2020-07-18T15:00:16Z
Channel: IppSec
Description: 00:00 - Intro 01:05 - Running Nmap 02:07 - Poking at SMB with CrackMapExec, SMBMap, and RPCClient to get nothing 04:15 - Checking out the web page 06:00...

IppSec · Beginner ·🛡️ AI Safety & Ethics ·5y ago

00:00 - Intro 01:05 - Running Nmap 02:07 - Poking at SMB with CrackMapExec, SMBMap, and RPCClient to get nothing 04:15 - Checking out the web page 06:00 - Playing with user input in the website and getting an error "HTTP VERB used is not allowed" 08:20 - Copying names from the website 10:50 - Using some VIM/VI Magic (macro) to convert names into potential usernames 12:40 - Identifying valid usernames by using KerBrute which can enumerate valid usernames 16:00 - Running some Impacket scripts and performing an ASREP Roast to extract password hash from Active Directory 18:20 - Running GetNPUsers …

Watch on YouTube ↗ (saves to browser)

Chapters (16)

Intro

1:05 Running Nmap

2:07 Poking at SMB with CrackMapExec, SMBMap, and RPCClient to get nothing

4:15 Checking out the web page

6:00 Playing with user input in the website and getting an error "HTTP VERB used is

8:20 Copying names from the website

10:50 Using some VIM/VI Magic (macro) to convert names into potential usernames

12:40 Identifying valid usernames by using KerBrute which can enumerate valid userna

16:00 Running some Impacket scripts and performing an ASREP Roast to extract passwor

18:20 Running GetNPUsers to get the hash for a user and then using hashcat to crack

20:50 Seeing a RICOH printer share, pulling EXIF data off website to get an idea if

23:10 Using Evil-WinRM to log into the box with FSMITH and run WinPEAS to get saved

29:00 Running BloodHound

34:25 Identifying that svc_loanmgr can perform a DCSYNC

35:40 Running SecretsDump with svc_loanmgr to perform a DCSYNC

37:45 Performing a Pass The Hash with the administrator user using PSExec

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →