HackTheBox - Driver

Views: 42,798

IppSec


00:00 - Intro
01:05 - Start of nmap
01:55 - Quickly testing SMB, then using CME to get a hostname of the box
03:30 - Testing out the website, discovering admin:admin logs us in. Running gobuster with HTTP Auth
04:55 - The website allows us to write to a file share. Going over SCF Files and how we can use them to steal NTLMv2 Hashes by having an external icon
07:30 - Using hashcat to crack the NTLMv2 Hash
08:45 - Using CME with these credentials to discover we can WinRM to the box
11:30 - Downloading WinPEAS and using our Evil-WinRM shell to execute it
14:40 - Going over the WinPEAS Output and discovering a Ricoh printer driver
21:50 - Going over the Ricoh printer driver exploit
23:10 - Switching to Metasploit, showing an issue with the WinRM Module in MSF
26:25 - Using MSFVenom to create an executable then having WinRM send us the meterpreter shell
29:30 - Having trouble getting the exploit to run... Switching to a 32-bit payload... then migrating to an interactive process
32:05 - Using Meterpreter to migrate to an interactive process then suddenly the exploit works
34:30 - Using the powershell PrintNightmare to privesc
37:20 - Showing the two WinRM MSF Scripts operate completely differently.

Comments: 37
@haXez_org 1 year ago
This was amazing!!! Thank you. I love how you take us through this really long learning path of swapping out the architecture and finally getting the metasploit payload to work. Then right at the end you do it in a second by using Evil-WinRM and the powershell script. This was an immensely fun box.
@nirzaaa 1 year ago
Must say that I liked more the videos where you solved the machines for the first time on the video itself, but you rock this way too of course, well done ;)
@D3M0320 2 years ago
This is really interesting timing considering I spent most of yesterday turning off FTP, SMB and changing SNMP community strings for a lot of printers in our environment, and changing default passwords if I found any…
@spacenomad5484 2 years ago
MFP certainly stands for MultiFunction Printer and nothing else, I can't think of any other (possibly obscene) meaning for the letters M and F.
@MD4564 2 years ago
Correct.
@ripmeep 2 years ago
Correct x2.
@MrShooksy 2 years ago
Thanks Ippsec! Great video!
@abhishekmorla1 2 years ago
I was waiting for it🥰
@TracerPortable 2 years ago
So the intended way was a way I didn't even notice. Nice.
@SamNetw0rk 2 years ago
🔥🔥 awesome, thanks for the interesting content
@softwaredeveloper9652 2 years ago
Waaao. I like this very much. I am happy for these tutorials.
@user-xv9wv8ef3n 5 months ago
Great video! Question, when you created the MsfVenom exploit file, are we able to specify/use a non-meterpreter payload too? And if we go that route can I use netcat instead of metasploit to catch the shell?
@gabrielsantos19 2 years ago
What happened at 33:44? The exploit created session 5 before you Ctrl+c? Thank you for your videos, IppSec.
@cybersecurity3523 2 years ago
Good job bro
@declanmcardle 2 years ago
@3:00 would 389 be open if it was a DC / TGS?
@johns0n328 2 years ago
Great!
@josephsarkisian 2 years ago
Wouldn't uploading the SCF file to an MFP as a firmware update in a prod environment potentially break the MFP?
@ButIfWeSurvive-WeHereInTheEnd 2 years ago
👏🏻👏🏻👏🏻👏🏻👏🏻👏🏻👏🏻
@boyfromfuture69 2 years ago
Thanks ippsec nice video
@PR1V4TE 1 year ago
5:33 how to make Firefox to run whatever we type to execute as domain instead of default Google search. Cus whenever I type an IP address it takes me to Google. I have to type http at least at the beginning.
@Kaminchen 2 years ago
This is called penetration testing right? That would be the job title?
@AOSRoyal 2 years ago
crack dealer
@Carpcontrol 1 year ago
Yeah penetration hardens the system iukwim
@declanmcardle 2 years ago
IPP/CUPS is 631? I've forgotten what lpd is...lost in the annals of time...let's see what happens here...
@declanmcardle 2 years ago
515 I think...however, it's Windows which is being attacked, not the printer :-)
@Heyhey_1792 2 years ago
I checked the patreon for peass, and there’s only 1 extra patreon :(
@ippsec 2 years ago
I will - the MFA for my patreon is setup to an old phone. So I'm locked out temporarily lol
@Carpcontrol 1 year ago
@ippsec that is ironic lol
@uchiha6428 2 years ago
How did u install evilwinrm on parrot os? I'm having trouble installing it, that's y
@podavu7044 1 year ago
He is using the htb parrot machine, which comes with a bunch of pre-installed tools, but if u want i guess u can just git clone and install the requirements
@muhammadghareeb399 2 years ago
prince
@ruthwikkrishna8234 2 years ago
first view
@blackthorne-rose 9 months ago
O.k. Ok... wtf is a "lull bend"?!?! lol Google gives me nothing!
@0xrobinho0d41 2 years ago
Check out my writeup 😁😁
@ryanboland7307 2 years ago
No
@marcelomedina7969 2 years ago
hello can you make the new machine removed from hackthebox OBJECT please!!!