HackTheBox - Voleur

Name: HackTheBox - Voleur
Uploaded: 2025-11-01T15:00:24Z
Channel: IppSec
Description: 00:00 - Introduction 01:00 - Start of nmap 07:20 - Running RustHound 08:30 - Running smbclient with Kerberos, to login to the fileshare as Ryan and down...

IppSec · Beginner ·🛠️ AI Tools & Apps ·5mo ago

00:00 - Introduction 01:00 - Start of nmap 07:20 - Running RustHound 08:30 - Running smbclient with Kerberos, to login to the fileshare as Ryan and downloading/cracking a word document with password 12:50 - Opening the Access Review Document, discovering multiple credentials and looking at bloodhound to see what we can do 18:30 - Performing a TargetedKerberost to gain access to the WinRM Account and then using RunasCS to gain a shell as SVC_LDAP 25:40 - Using the AD Powershell Module to restore a deleted user 27:20 - Showing we didn't need a shell to restore the deleted user, doing it manually…

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduction

1:00 Start of nmap

7:20 Running RustHound

8:30 Running smbclient with Kerberos, to login to the fileshare as Ryan and downloa

12:50 Opening the Access Review Document, discovering multiple credentials and looki

18:30 Performing a TargetedKerberost to gain access to the WinRM Account and then us

25:40 Using the AD Powershell Module to restore a deleted user

27:20 Showing we didn't need a shell to restore the deleted user, doing it manually

38:30 Todd.Wolfe is a member of second-line technician. Looking at the fileshare to

41:40 Running Netexec Spider_Plus to dump the fileshare and discovering DPAPI Saved

46:00 Using impacket-dpapi to decrypt the dpapi data that was in the backup

50:30 Getting access to Jeremy.Combs, who has SSH Access to the box

58:30 Finding the NTDS Backup, running secretsdump to get Administrator

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →