- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
How to solve HTB Keeper | Hack The Box 2023 | Default Credentials | Password Harvesting | KeePass
CVE-2023-32784 (15th May 2023)
https://nvd.nist.gov/vuln/detail/CVE-2023-32784
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Exploits
https://github.com/CMEPW/keepass-dump-masterkey/tree/main
https://github.com/z-jxy/keepass_dump
Timecodes
00:00 - Intro
00:27 - Port Scanning / Enumeration
1:39 - Website Enumeration
4:45 - Default Credentials
10:30 - User Access
12:00 - KeePass kpcli and python exploit
22:50 - putty-tools SSH key conversion
28:01 - Root Access
Tools:
OBS Studio
Da Vinci Resolve
VMware Fusion
Music:
‘Sonny And Rico’ and ‘Vecna’ by Jaxius
https://www.youtube.com/c/Jaxius/featured
‘Starlight’ by SergePavkinMusic
https://pixabay.com/music/synthwave-starlight-162584/
Thanks to Nightmare and all Hackthebox Creators
Thanks for watching! Every view/like/comment encourages me to film more boxes.
Видео How to solve HTB Keeper | Hack The Box 2023 | Default Credentials | Password Harvesting | KeePass канала noobsec
https://nvd.nist.gov/vuln/detail/CVE-2023-32784
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Exploits
https://github.com/CMEPW/keepass-dump-masterkey/tree/main
https://github.com/z-jxy/keepass_dump
Timecodes
00:00 - Intro
00:27 - Port Scanning / Enumeration
1:39 - Website Enumeration
4:45 - Default Credentials
10:30 - User Access
12:00 - KeePass kpcli and python exploit
22:50 - putty-tools SSH key conversion
28:01 - Root Access
Tools:
OBS Studio
Da Vinci Resolve
VMware Fusion
Music:
‘Sonny And Rico’ and ‘Vecna’ by Jaxius
https://www.youtube.com/c/Jaxius/featured
‘Starlight’ by SergePavkinMusic
https://pixabay.com/music/synthwave-starlight-162584/
Thanks to Nightmare and all Hackthebox Creators
Thanks for watching! Every view/like/comment encourages me to film more boxes.
Видео How to solve HTB Keeper | Hack The Box 2023 | Default Credentials | Password Harvesting | KeePass канала noobsec
Комментарии отсутствуют
Информация о видео
6 сентября 2023 г. 6:58:44
00:29:56
Другие видео канала
"The Archives" - How to hack BSIDES VANCOUVER 2018 VulnHub Walkthrough 005
"The Archives" - How to hack DerpNStink VulnHub Walkthrough 004
"The Archives" - How to hack TOPPO VulnHub Walkthrough 002
"The Archives" - How to hack LAMPIÃO VulnHub Walkthrough 001
How to solve HTB Squashed with ChatGPT | Hack The Box 2023 | AI ShellGPT | NFS Arbitrary File Upload
How to solve HTB CozyHosting | Hack The Box 2023 | Info Disclosure | Session Hijack | Password Crack
"The Archives" - How to hack JIS JORDAN INFOSEC VulnHub Walkthrough 003
"The Archives" - How to hack NODE VulnHub Walkthrough 006
