HackTheBox - Tally
01:45 - Start of NMAP
04:17 - Begin of Sharepoint/GoBuster (Special Sharepoint List)
06:32 - Manually browsing to Sitecontent (Get FTP Creds)
10:18 - Mirror FTP + Pillage for information, Find keypass in Tim's directory and crack it.
18:22 - Mounting/Mirroring ACCT Share with found Creds and finding hardcoded SQL Creds
25:24 - Logging into MSSQL with SQSH, enabling xp_cmdshell and getting a Nishang Rev Shell
34:35 - Finding SPBestWarmUp.ps1 Scheduled Task that runs as Administrator
40:00 - Begin of RottenPotato without MSF (Decoder's Lonely Potato)
45:56 - Using Ebowla Encoding for AV Evasion to create an exe for use with Lonely Potato
58:00 - Lonely Potato Running to return a Admin Shell
### BOX DONE
01:04:22 - Finding CVE-2017-0213
01:08:33 - Installing Visual Studio 2015 && Compiling the exploit
01:15:50 - Exploit Compiled, trying to get it to work....
01:18:11 - Just noticed the SPBestWarmUp.ps1 executed and gave us a shell!
01:28:37 - Found the issue, exploit seems to require interactive process
01:30:00 - Begin of Firefox Exploit Cluster (Not recommended to watch lol). It's a second unreliable way to get user
Видео HackTheBox - Tally канала IppSec
04:17 - Begin of Sharepoint/GoBuster (Special Sharepoint List)
06:32 - Manually browsing to Sitecontent (Get FTP Creds)
10:18 - Mirror FTP + Pillage for information, Find keypass in Tim's directory and crack it.
18:22 - Mounting/Mirroring ACCT Share with found Creds and finding hardcoded SQL Creds
25:24 - Logging into MSSQL with SQSH, enabling xp_cmdshell and getting a Nishang Rev Shell
34:35 - Finding SPBestWarmUp.ps1 Scheduled Task that runs as Administrator
40:00 - Begin of RottenPotato without MSF (Decoder's Lonely Potato)
45:56 - Using Ebowla Encoding for AV Evasion to create an exe for use with Lonely Potato
58:00 - Lonely Potato Running to return a Admin Shell
### BOX DONE
01:04:22 - Finding CVE-2017-0213
01:08:33 - Installing Visual Studio 2015 && Compiling the exploit
01:15:50 - Exploit Compiled, trying to get it to work....
01:18:11 - Just noticed the SPBestWarmUp.ps1 executed and gave us a shell!
01:28:37 - Found the issue, exploit seems to require interactive process
01:30:00 - Begin of Firefox Exploit Cluster (Not recommended to watch lol). It's a second unreliable way to get user
Видео HackTheBox - Tally канала IppSec
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
HackTheBox - OpenAdmin
HackTheBox - Reel
HackTheBox - Monitors
HackTheBox - Kryptos
Creating a VM to learn Linux PrivEsc
HackTheBox - Schooled
HackTheBox - Enterprise
HackTheBox - Kotarak
HackTheBox - Unattended
HackTheBox - Falafel
VulnHub - Pinkys Palace v2
HackTheBox - Control
HackTheBox - Bart
HackTheBox - Rope
VulnHub - Sokar
HackTheBox - Obscurity
HackTheBox - Luanne
HackTheBox - SecNotes
HackTheBox - Nineveh
HackTheBox - Curling