HackTheBox - Voleur

IppSec · Beginner ·🛠️ AI Tools & Apps ·6mo ago

00:00 - Introduction 01:00 - Start of nmap 07:20 - Running RustHound 08:30 - Running smbclient with Kerberos, to login to the fileshare as Ryan and downloading/cracking a word document with password 12:50 - Opening the Access Review Document, discovering multiple credentials and looking at bloodhound to see what we can do 18:30 - Performing a TargetedKerberost to gain access to the WinRM Account and then using RunasCS to gain a shell as SVC_LDAP 25:40 - Using the AD Powershell Module to restore a deleted user 27:20 - Showing we didn't need a shell to restore the deleted user, doing it manually first showing ldapsearch can see deleted users then running the tombstone netexec module 38:30 - Todd.Wolfe is a member of second-line technician. Looking at the fileshare to discover his user backup 41:40 - Running Netexec Spider_Plus to dump the fileshare and discovering DPAPI Saved Blobs 46:00 - Using impacket-dpapi to decrypt the dpapi data that was in the backup 50:30 - Getting access to Jeremy.Combs, who has SSH Access to the box 58:30 - Finding the NTDS Backup, running secretsdump to get Administrator

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

Related AI Lessons

The only AI tools you actually need as a developer

Focus on essential AI tools to streamline development, reducing unnecessary complexity

Dev.to · Samaresh Das

Why Blinkit’s Home Page Looks Different in Delhi vs Bangalore — The Engineering Behind It

Learn how Blinkit's home page is engineered to look different in Delhi vs Bangalore using location-based personalization

How AI is changing creative jobs… and what marketers and designers need to do about it

AI is transforming creative jobs, requiring marketers and designers to adapt and collaborate with AI tools

Form Responses Are the Missing Trigger for AI Workflow Automation

Discover how form responses can trigger AI workflow automation, streamlining business processes and increasing efficiency

Dev.to · Lovanaut

Chapters (13)

Introduction

1:00 Start of nmap

7:20 Running RustHound

8:30 Running smbclient with Kerberos, to login to the fileshare as Ryan and downloa

12:50 Opening the Access Review Document, discovering multiple credentials and looki

18:30 Performing a TargetedKerberost to gain access to the WinRM Account and then us

25:40 Using the AD Powershell Module to restore a deleted user

27:20 Showing we didn't need a shell to restore the deleted user, doing it manually

38:30 Todd.Wolfe is a member of second-line technician. Looking at the fileshare to

41:40 Running Netexec Spider_Plus to dump the fileshare and discovering DPAPI Saved

46:00 Using impacket-dpapi to decrypt the dpapi data that was in the backup

50:30 Getting access to Jeremy.Combs, who has SSH Access to the box

58:30 Finding the NTDS Backup, running secretsdump to get Administrator

AI/BI Genie for Marketing