HackTheBox - Jab
Published on 1 Jul 2024
00:00 - Introduction
01:00 - Start of nmap
04:25 - Opening Pidgin to register with the Jabber Server then look at chatrooms
10:15 - Opening the XMPP Console so we can copy users to build the username list
11:50 - Running Kerbrute against the users to get a few ASREP Roast Hashes
15:45 - Having issues cracking the hash, need to specify downgrade on kerbrute
19:30 - Running bloodhound with jmontgomery
21:00 - Logged into jabber with jmontgomery, discover a new chatroom which has creds to svc_openfire user
22:55 - Opening bloodhound to discover svc_openfire can ExecuteDCOM
27:30 - Modifying NXC to allow us to ExecuteDCOM without admin permissions
30:00 - Using impacket's DcomEXEC to get a shell on the box
34:55 - Forwarding port 9090 to our box so we can access the OpenFire management website
37:15 - Uploading a malicious plugin to the OpenFire service
What's going on, TH-cam, this is IppSec. Today there's no box. We're gonna chill, eat Doritos, drink Mountain Dew, watch SpongeBob, Daria, Tom and Jerry, play Super Mario 64 and Crash Bandicoot 2. With that being said, let's jump the frick in.
This can take some time to run so I have already run it. Here are the results, we have 6 ports open....
😂@@nuridincersaygili
Lmao
Watching ippsec always ignites my passion for the domain, great job man, really great job, thank u for all the beneficial information
Can't wait until ippsec discovers that he can just combine the two flags from -sC -sV to just -sCV, will I change the course of the intros for ever?! (You're the GOAT ipp)
ipp I love your videos. Ur videos got me into cybersecurity. Keep up the great work
Loving the videos man, just a cool tip: instead of piping through awk twice you can specify multiple field separators inside square brackets, so in this case you would do it like -F[\>@] '{print $2}'. Please keep uploading man, I always love these videos
I usually shy away from doing Windows boxes but recently started doing them more, and noticed that mostly every box has ASREP roast.
I think it must be really common in real life pentesting as well.
It makes for good CTFs but it's extremely uncommon IRL. The sysadmin has to go in and specifically disable preauth on an account, which a lot of them have never even heard of doing. Kerberoasting and even finding passwords in account descriptions is more realistic
@charlesnathansmith oh that makes sense. thanks
Hey Ippsec, thank you for all of your videos. I don't quite understand a lot but am getting a bit better over time. I am wondering if you can tell something (didn't find something on your page) about the specs/components of your kracken machine: price (components, electricity bill), costs, measures, and if it is worth it for personal use (pentesting/bug bounty) or more for companies. Thank you for a link or your answer.
Keep safe and happy hacking
🤜🤜🤜
The GOAT
❤❤
For me it always showed that the search room is not present (404 error) and I could not get the users list :/
Awk tuah
How
Sir my india won worldcup
sir amazing me love india
bro You okay?