- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Puppy - HackTheBox (HTB) CTF Walkthrough
HackTheBox Puppy CTF Walkthrough with explanation for beginners!
HackTheBox's Puppy is a great challenge if you're looking to get good at Active Directory penetration testing. Dive in as we exploit DACL, disabled accounts, misplaced backup files, and DPAPI Credentials. Happy Hacking!
HTB Machine - https://app.hackthebox.com/machines/Puppy
KeePass Brute Force - https://infosecwriteups.com/brute-forcing-keepass-database-passwords-cbe2433b7beb
Helpful DPAPI Article - https://www.synacktiv.com/en/publications/windows-secrets-extraction-a-summary#tooling
My Github (More walkthroughs!) - https://github.com/NTHSec/CTF-Writeups
My Medium (More walkthroughs!) - https://medium.com/@NTHSec
--------------------------------------------------------------------------------------------------
Time Stamps:
0:00 - Intro
0:50 - Initial Nmap Scans
2:00 - Exploring our initial credentials to find the DEV SMB share
4:35 - Creating a users list and starting bloodhound enumeration
8:00 - Discovering we have GenericWrite over the Developers group. Adding levi.james to the developers group to read the DEV share.
11:00 - Finding the KeyPass recovery file in the DEV share and brute forcing the password to discover cleartext credentials
18:40 - Password spraying the credentials we found to successfully authenticate as ant.edwards.
20:00 - Enumerating as ant.edwards to find we have GenericAll on adam.silver. Resetting adam's password and attempting to authenticate.
22:40 - Finding out that the adam.silver account is disabled. Re-enabling the account w/ ldapmodify
28:30 - Evil-winrm in as adam.silver to find the Puppy backup. Unzipping this file we can find steph.cooper's cleartext credentials.
32:45 - Logging in as steph.cooper and running WinPEAS
37:15 - Finding that we have a DPAPI masterkey and credential blob. Downloading these files to our kali machine
40:30 - Using impacket-dpapi to decrypt the masterkey, and then use it to obtain cleartext credentials for the steph.cooper_adm account.
44:30 - Outro
Видео Puppy - HackTheBox (HTB) CTF Walkthrough канала NTH Security
HackTheBox's Puppy is a great challenge if you're looking to get good at Active Directory penetration testing. Dive in as we exploit DACL, disabled accounts, misplaced backup files, and DPAPI Credentials. Happy Hacking!
HTB Machine - https://app.hackthebox.com/machines/Puppy
KeePass Brute Force - https://infosecwriteups.com/brute-forcing-keepass-database-passwords-cbe2433b7beb
Helpful DPAPI Article - https://www.synacktiv.com/en/publications/windows-secrets-extraction-a-summary#tooling
My Github (More walkthroughs!) - https://github.com/NTHSec/CTF-Writeups
My Medium (More walkthroughs!) - https://medium.com/@NTHSec
--------------------------------------------------------------------------------------------------
Time Stamps:
0:00 - Intro
0:50 - Initial Nmap Scans
2:00 - Exploring our initial credentials to find the DEV SMB share
4:35 - Creating a users list and starting bloodhound enumeration
8:00 - Discovering we have GenericWrite over the Developers group. Adding levi.james to the developers group to read the DEV share.
11:00 - Finding the KeyPass recovery file in the DEV share and brute forcing the password to discover cleartext credentials
18:40 - Password spraying the credentials we found to successfully authenticate as ant.edwards.
20:00 - Enumerating as ant.edwards to find we have GenericAll on adam.silver. Resetting adam's password and attempting to authenticate.
22:40 - Finding out that the adam.silver account is disabled. Re-enabling the account w/ ldapmodify
28:30 - Evil-winrm in as adam.silver to find the Puppy backup. Unzipping this file we can find steph.cooper's cleartext credentials.
32:45 - Logging in as steph.cooper and running WinPEAS
37:15 - Finding that we have a DPAPI masterkey and credential blob. Downloading these files to our kali machine
40:30 - Using impacket-dpapi to decrypt the masterkey, and then use it to obtain cleartext credentials for the steph.cooper_adm account.
44:30 - Outro
Видео Puppy - HackTheBox (HTB) CTF Walkthrough канала NTH Security
Комментарии отсутствуют
Информация о видео
27 сентября 2025 г. 19:45:06
00:45:22
Другие видео канала
Which Beginner Pentesting Cert Should You Take? (PJPT vs. PT1)
Should You Go to College for CYBERSECURITY? (Degree vs. Certs)
LIVE Creating a CTF Lab for Hack Smarter! | Part 4 -- Misconfigurations
SimpleCTF - TryHackMe CTF Walkthrough {FOR BEGINNERS!}
Shell By Shell -- Intro to Enumeration | Hack The Box "Fawn" Walkthrough for Beginners
UltraTech- TryHackMe CTF Walkthrough!
RootMe - TryHackMe CTF Walkthrough {FOR BEGINNERS}!
TryHackMe BLIND Walkthrough! -- SoupeDecode Part 1
My Next Certification is a Big Risk...
How to Pass Your PNPT in 22 Minutes (2025)
BoardLight - HackTheBox (HTB) CTF Walkthrough (For Beginners)
Short Stream! Building a CTF for Hack Smarter! | Quick Config
How I almost FAILED my first Pentesting Certification
Shell By Shell -- Running OS Commands w/ SQL Injection! | Hack The Box "Vaccine" Walkthrough
You're DESTORYING Your Cybersecurity Progress if you do THIS
One Simple Organization Trick makes the OSCP Easy
Live Hacking! Come learn with me! | HackSmarter ShadowGate
Fluffy- HackTheBox (HTB) CTF Walkthrough
Is the OSCP Worth it in 2026?? (OSCP vs. PNPT)
Shell By Shell -- Hacking AWS! | Hack The Box "Three" Walkthrough
Nocturnal - HackTheBox (HTB) CTF Walkthrough
