APT - HackTheBox
APT is a 50-point machine on HackTheBox which involves getting the IPv6 Address via MS-RPC, credential spraying, and reading the boxes registry remotely. For root, we force authentication of the box's machine account to our box, capture it with responder, crack it, and then use secretsdump to obtain the administrator hash.
You are welcome to join my discord: https://discord.gg/qdbJqXKPQ3 !
[ Timestamps ]
00:00 Intro
00:23 User
13:55 Root
[ Notes & Links ]
• https://github.com/mubix/IOXIDResolver
• https://github.com/cube0x0/HashSpray.py
• https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level
• https://notes.vulndev.io/notes/hackthebox/apt
[ Desktop ]
• https://github.com/xct/kali-clean
[ About ]
• https://vulndev.io
• https://twitter.com/xct_de
• https://github.com/xct
• https://www.patreon.com/xct
This is purely educational content - all practical work is done in environments that allow and encourage offensive security training.
Видео APT - HackTheBox канала xct
You are welcome to join my discord: https://discord.gg/qdbJqXKPQ3 !
[ Timestamps ]
00:00 Intro
00:23 User
13:55 Root
[ Notes & Links ]
• https://github.com/mubix/IOXIDResolver
• https://github.com/cube0x0/HashSpray.py
• https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level
• https://notes.vulndev.io/notes/hackthebox/apt
[ Desktop ]
• https://github.com/xct/kali-clean
[ About ]
• https://vulndev.io
• https://twitter.com/xct_de
• https://github.com/xct
• https://www.patreon.com/xct
This is purely educational content - all practical work is done in environments that allow and encourage offensive security training.
Видео APT - HackTheBox канала xct
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Active Directory, Reverse Engineering & Unintended Solutions - Pivotapi @ HackTheBoxHackTheBox - APTHackTheBox - RopeSSRF & Python Debugger - Forge @ HackTheBoxDNS Rebinding, XSS & 2FA SSH - Crossfit2 @ HackTheBoxHackTheBox - OmniCommand Injection & Path Hijacking - Previse @ HackTheBoxHackTheBox - LaboratoryUsing My Python Skills To Punish Credit Card ScammersASP, Windows Containers, Responder & NoPAC - Anubis @ HackTheBoxHackTheBox - "Remote" - Umbraco & WindowsHackTheBox - Luanne5 Things You're Doing Wrong When Programming in PythonHackTheBox - TallyHackTheBox - HelpHackTheBox - PassageHackTheBox - TabbyHacking into Google's Network for $133,337SSRF into Responder, gMSA Password & SeRestorePrivilege - Heist @ PG PracticePassword Spraying, gMSA, ADIDNS & Constrained Delegation - Intelligence @ HackTheBox