Weird, my scans didin't show the same opened ports. There was no 389 and 636 ports, I had 3268 and 3269. I still have the 2 nmap files of my scans 2 weeks ago. I guess this is why C****y failed. I have not saved my scan yesterday but I'm sure that 389 and 636 were not opened. If you go in Github issues of the tool used for PrivEsc someone was asking for a new feature to specify on command line the port LDAP is listening (hard coded in tools), explaining a use case of HTb Box not listening on default ports : I think I was not the only one with the same problem
Hey IppSec, could you in one of the boxes, also show the usage of Sliver C2 just as you did for Powershell Empire and Merlin back in the day? I would really appreciate it.
Hey IppSec, Could you show the usage of Sliver C2 in one the boxes, like you did for Powershell Empire and Merlin back in the day? I would really appreciate it.
Psexec doesn't authenticate as system. It authenticates as an admin and then uploads a service to run as local system and pop a shell That's why there's a dcomexec, wmiexec, etc. They just abuse different RPC features to get code execution
hello sir,I want to ask some questions? can bug bounty useful in 2024 and the future? Because I feel the security of modern technology is very safe and security jobs can be rare in the future. I want your answer sir.
is it necessary to do a virtual hosts enumeration when we can do a dns zone transfer with the box? I would expect all the virtual hosts to be in the response of the zone transfer.
Five years now and still waiting for someone to do write-ups this good. 🏆
Teşekkürler.
It's nice to see different perspectives
Weird, my scans didin't show the same opened ports. There was no 389 and 636 ports, I had 3268 and 3269. I still have the 2 nmap files of my scans 2 weeks ago. I guess this is why C****y failed. I have not saved my scan yesterday but I'm sure that 389 and 636 were not opened. If you go in Github issues of the tool used for PrivEsc someone was asking for a new feature to specify on command line the port LDAP is listening (hard coded in tools), explaining a use case of HTb Box not listening on default ports : I think I was not the only one with the same problem
Both ldap ports for me are filtered too.
wonderful work
You are a legend 😊
Hey IppSec, could you in one of the boxes, also show the usage of Sliver C2 just as you did for Powershell Empire and Merlin back in the day? I would really appreciate it.
thanks bro very good and perfect
Hey IppSec, Could you show the usage of Sliver C2 in one the boxes, like you did for Powershell Empire and Merlin back in the day? I would really appreciate it.
On what box he did that ?
I've always wondered why System can log in at all. I should see how that works sometime. Any thoughts?
Psexec doesn't authenticate as system. It authenticates as an admin and then uploads a service to run as local system and pop a shell
That's why there's a dcomexec, wmiexec, etc. They just abuse different RPC features to get code execution
@@charlesnathansmith Interesting. I hadn't noticed that.
Thank you sir♥️🙏
hello sir,I want to ask some questions?
can bug bounty useful in 2024 and the future?
Because I feel the security of modern technology is very safe and security jobs can be rare in the future.
I want your answer sir.
Good luck man
please make a playlist of that htb videos where i can watch only bugbounty/websec related boxes
is it necessary to do a virtual hosts enumeration when we can do a dns zone transfer with the box? I would expect all the virtual hosts to be in the response of the zone transfer.
Got access denied trying to issue certificate. help me
After sometime access is reset.
Push!
Why do you spoil the box at teh start of the video?
nice
Hey Ipp-san, let's binge watch Dragon Ball Z in honor of Mr. Akira Toriyama
I’m not sure what would take longer, a spirit bomb or nmap