Hi . Nice videos . I don’t understand how did u have an smb connection by manipulation de RFI url . What is happening on the url ip/please/subscribe . I didn’t understand this part of the video . The script only prints content of a file . Can you explain me please ? Thank you very much .
I believe we try to make a smb connection back to our attacker box, and when it tries to connect it gives the user name/hash and we capture the traffic with responder. Since the one trying to make the connection is a service (svc_apache) we get those credientials. As far as I am aware, AD stuff almost everything communicates with their user/hash combo
Because PS credential object works when you have a real terminal so when you are connected throught ssh, rdp, ecc.. If you are using meterpreter or another kind of reverse shell it will not work because is not "native"
thanks, i learned a lot, like uploading desktop.ini and catching the response but i'd be still stuck at the kerberos appool part. gotta try harder i guess. BTW please do a rebuild video!
Hi Ippsec, I am testing one box and ports that are open are 80, 443 and 3389. Port 80 and 443 opens the same web page and its a login screen. I have ran sqlmap, able to enumerate database name but not the tables. getting some errors. Bruteforced dirctories, but nothing interesting ad also ran bruteorce for 3389 but no luck Can you pleas perovide any inputs?
Yes please make a video of a box rebuild! 👍
Hi! could you make a video about how you rebuild your box ? We all have our own way I guess
I second this request.
third
i think It's a pwnbox from htb
Thanks Ippsec
Around the 20 minute mark - my brain exploded. I'm starting to question whether or not IPPSec is human or not. Are you an AI bro?
Very insightful box! Thank you!
There is also a way to exploit the seprivilege with potato
Good Video!
Hi . Nice videos . I don’t understand how did u have an smb connection by manipulation de RFI url . What is happening on the url ip/please/subscribe . I didn’t understand this part of the video . The script only prints content of a file . Can you explain me please ? Thank you very much .
I believe we try to make a smb connection back to our attacker box, and when it tries to connect it gives the user name/hash and we capture the traffic with responder. Since the one trying to make the connection is a service (svc_apache) we get those credientials. As far as I am aware, AD stuff almost everything communicates with their user/hash combo
what a brainfuck machine 🔥
that tmux situation got clearly out of hand at some point 😆
great video, also a box rebuild video would be awesome
Can someone please let me know why RunAsC is needed and can't just use PS credential Object?
Because PS credential object works when you have a real terminal so when you are connected throught ssh, rdp, ecc..
If you are using meterpreter or another kind of reverse shell it will not work because is not "native"
This is literally the besst machine so far
Did you leak your public IP ?
The real curl binary now lives in Windows/System32 if that makes things easier. Not sure what version of Windows they started doing that with though
Can I use potato in iis priv?
What linux distro do you run for hacking? Kali?
This is Parrot OS HTB edition
I love ippsec
the goat! :)
thanks
Push!
Nice
Nice job
Do you use a VPN to connect to HTB besides the VPN they provide to connect to it. Like one to hide public IP
uh
thanks, i learned a lot, like uploading desktop.ini and catching the response but i'd be still stuck at the kerberos appool part. gotta try harder i guess. BTW please do a rebuild video!
How was this box seriously rated as hard? 😂🙈
What's going on, my politically incorrect racial epithets, it's ya boy Ippsec
Hi Ippsec, I am testing one box and ports that are open are 80, 443 and 3389. Port 80 and 443 opens the same web page and its a login screen. I have ran sqlmap, able to enumerate database name but not the tables. getting some errors. Bruteforced dirctories, but nothing interesting ad also ran bruteorce for 3389 but no luck
Can you pleas perovide any inputs?