This was amazing!!! thank you. I love how you take us through this really long learning path of swapping out the architecture and finally getting the metasploit payload to work. Then right at the end you do in a second by using Evil-WinRM and the powershell script. This was an immensely fun box.
Must say that I liked more the videos where you solved the machines for the first time on the video itself, but you're rocks this way too of course, well done ;)
This is really interesting timing considering I spent most of yesterday turning off FTP, SMB and changing SNMP community strings for a lot of printers in our environment, and changing default passwords if I found any…
He is using the htb parrot machine , which comes with a bunch of pre-installed tools , but if u want i guess u can just git clone and install the requirements
Great video! Question, when you created the MsfVenom exploit file, are we able to specify/use a non-meterpreter payload too? and if we go that route can I use netcat instead of metasploit to catch the shell?
5:33 how to make Firefox to run whatever we type to execute as domain instead of default Google search. Cus when ever I type an IP address it takes me to Google. I have to type http at least at the beginning.
hello can you make the new machine removed from hackthebox OBJECT please!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
This was amazing!!! thank you.
I love how you take us through this really long learning path of swapping out the architecture and finally getting the metasploit payload to work.
Then right at the end you do in a second by using Evil-WinRM and the powershell script.
This was an immensely fun box.
Must say that I liked more the videos where you solved the machines for the first time on the video itself, but you're rocks this way too of course, well done ;)
MFP certainly stands for MultiFunction Printer and nothing else, I can't think of any other (possibly obscene) meaning for the letters M and F.
Correct.
Correct x2.
This is really interesting timing considering I spent most of yesterday turning off FTP, SMB and changing SNMP community strings for a lot of printers in our environment, and changing default passwords if I found any…
So the intended way was way I didn't even notice. Nice.
@3:00 would 389 be open if it was a DC / TGS?
This is called penetration testing right?
That would be the job title?
crack dealer
Yeah penetration hardens the system iukwim
How did u install evilwinrm on parrot os? Im having trouble installing it thats y
He is using the htb parrot machine , which comes with a bunch of pre-installed tools , but if u want i guess u can just git clone and install the requirements
IPP/CUPS is 631? I've forgotten what lpd is...lost in the annals of time...let's see what happens here...
515 I think...however, it's Windows which is being attacked, not the printer :-)
Thanks ippsec nice video
Great video! Question, when you created the MsfVenom exploit file, are we able to specify/use a non-meterpreter payload too? and if we go that route can I use netcat instead of metasploit to catch the shell?
O.k. Ok... wtf is a "lull bend"?!?! lol Google gives me nothing!
I checked the patreon for peass, and there’s only 1 extra patreon :(
I will - the MFA for my patreon is setup to an old phone. So I'm locked out temporarily lol
@@ippsec that is ironic lol
i was waiting for it🥰
Good job bro
5:33 how to make Firefox to run whatever we type to execute as domain instead of default Google search. Cus when ever I type an IP address it takes me to Google. I have to type http at least at the beginning.
What happened at 33:44? The exploit created session 5 before you Ctrl+c?
Thank you for your videos, IppSec.
Wouldn't uploading the SCF file to an MFP as a firmware update in a prod environment potentially break the MFP?
Waaao. I like very much this. I am happy for this tutorials.
🔥🔥 awesome, thanks for interest content
Thanks Ippsec! Great video!
👏🏻👏🏻👏🏻👏🏻👏🏻👏🏻👏🏻
Great!
prince
first veiw
hello can you make the new machine removed from hackthebox OBJECT please!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Check out my writeup 😁😁
No