HackTheBox - Intelligence
Published on 29 Jun 2024
00:00 - Intro
01:02 - Start of nmap, discover Active Directory and a web server
02:45 - Doing some common checks against a Domain Controller
04:50 - Discovering PDFs with filenames based upon the date
05:25 - Building a customized wordlist based upon the date with the date command
08:30 - Downloading the PDFs with wget and then examining metadata
11:25 - Using Kerbrute to validate the usernames in the metadata are correct
12:50 - Using pdftotext to convert all the PDFs into text files, so we can grep through text
14:20 - Finding the password NewIntelligenceCorpUser987, then using KerBrute to perform a password spray
15:40 - Running CrackMapExec Spider_Plus while we do some other CME things
17:20 - Running Python Bloodhound with the credentials we got from the password spray
19:10 - Using JQ to parse the data from CME's spider_plus module to discover a powershell script
22:50 - Importing the bloodhound results and then searching for attack paths
26:00 - Discovering we probably need to get access to the SVC_INT GMSA (Group Managed Service Account)
27:50 - Going back over the powershell script we downloaded, and then creating a DNS Record with krbrelayx's dnstool
28:57 - Using dnstool to create an A Record on an Active Directory Server
32:30 - Using the MSF Capture http_ntlm module to capture an NTLMv2 Hash of people that access our webserver (Responder also would work but was broken on my box)
36:35 - Using John to crack the ntlmv2 hash and gaining access to the Ted Graves account
42:19 - Using gMSA Dumper to extract the svc_int hash
43:43 - Using impacket's getST to generate a SilverTicket which we can use for impersonating an administrator
46:00 - Using NTPDate to synchronize the time to our domain controller
48:30 - Using our ticket with psexec to gain access to the server
I got my OSCP from your content months ago, but I still come back to keep learning, Thanks for making this awesome content \o/
It's not actually a silver ticket you're using at the end, but S4U delegation. Tried to leave a longer comment explaining in more detail but I guess YouTube didn't like it lol
Explained it a bit in my video walkthrough of this machine, but I do plan on making a whole video dedicated to kerberos delegation stuff
This is loaded information. Thank you so much as always.
Impressive as always.
Love the content. Thanks
This is one of my favorite boxes. ❤️
first one wow love u from Morocco
awesome content !
Next Level!
Awesome man.
Man that's gold ❤️
A lot to learn 😬😬😬
Great job , keep going !
big fan
1st viewer ❤️🔥
THANK YOU!!!
Oof, my brain can't even process what I saw.
wow!
I really love that... ❤️❤️👍👍
Sheesh this one is difficult I feel like a moron haha
Why u didn't do notes in obsidian?
As always, love the content. I wish the intros were at the end. It feels like a spoiler to listen to it so I always skip.
That’s why there’s always a jump in my he description.
can anyone compare this ad box to oscp
For a Beginner: How hard/high is this Box ranked on htb?
It's marked as medium and I'd agree with that rating compared to the other machines. There are definitely easier machines and if you're a beginner they do have their "starting point" series that walks you through a few machines
Hey which OS do u use pls tell?
parrot security os
@jiriperutek2055 I'm also doing the parrot os I just swifted from kali to parrot but its disconnecting my wifi after a few minutes pls help If u know to resolve it?
A little lower quality than his other ones
5 th view