HackTheBox - Omni

IppSec


00:00 - Intro
00:55 - Start of nmap
02:45 - Finding out this is Windows IOT
05:00 - Showing the BlackHat paper on Hacking Windows IOT
06:00 - Trying SirepRAT out against this box
11:00 - Finally getting code execution with the SirepRAT tool, trying to run PowerShell
16:00 - Finally getting PowerShell working, trying to get a reverse shell
19:45 - Getting a Reverse shell by downloading NC64.EXE and running it
22:30 - Reverse shell returned
27:00 - Extracting the SAM/SYSTEM Registry hive so we can run SECRETSDUMP to pull user hashes
30:50 - Had trouble with Impacket's SMB Server, editing smbd.conf
36:40 - Getting a shell as APP using the website, so we can decrypt the user.txt and iot-admin.txt secure strings
40:40 - Getting a shell as ADMINISTRATOR using the website so we can decrypt root.txt

Comments: 68
@lesleybw 3 years ago
It's so ironic how these easy boxes are the ones which always teach me the most because most of the time they introduce me to a lot of content. I picked up a lot on this, really enjoyed learning about these PS secure string items, I'm sure it'll come in handy at some point in my tests. I really enjoyed this video, keep it up man.
@grarra4071 3 years ago
Loved delivery! Really fun box (: Surprised learning that it's a vulnerability that was commonly found in the wild.
@1tracker 3 years ago
Thank you IppSec, before this box retired I tried it but had no idea what to look for. Now I know what I should have done and learnt a lot from you.
@DHIRAL2908 3 years ago
Ayyy hyped for your box, ipp!
@spheleleshandu3334 3 years ago
Got a shell on this box and got too busy with course work. Pretty cool box. Thank you for the videos @ippsec
@Ms.Robot. 3 years ago
I love watching you do recon. You are really good💋❤🧚‍♀️.
@oriel360 3 years ago
Great content, keep up the good work m8!
@spacenomad5484 3 years ago
On the downside, I thought this box would be active for another week or two and didn't get user or system in time. On the upside, ippsec video and now I know how I was supposed to decrypt those SecureStrings.
@AbdennacerAyeb 3 years ago
You are fantastic. Thank you for teaching us.
@MuhammadLab 3 years ago
Great video 👍
@sahilnayak6693 3 years ago
You are the one from whom I've learned penetration testing. Thanks.😍😀
@BlackHermit 3 years ago
You know what they say about the S in IoT ;)
@themasterofdisastr1226 3 years ago
Nothing. Cuz there is no such thing.
@adminad705 3 years ago
so good
@azelbane87 3 years ago
AWESOME!!! AWESOME 2 HV U BACK TOO!! WE MISSED YOU!!
@elikelik3574 3 years ago
Welcome back, nice to see you after 2 Saturdays without an IppSec video😁 I hit like here and go to watch on TV. There I didn't find a like button, that is why I came here to hit like, then go to watch it😄
@aldiyark1593 3 years ago
Damn, I was so close, yesterday I reached SirepRAT and thought I will get my reverse shell after the weekend, so close and so far...
@cybersecurity3523 3 years ago
Happy new year bro
@kharbandaumang 3 years ago
Hey ippsec, no words to describe the help you are providing to people like me knowingly/unknowingly. Please consider doing boxes from proving grounds from OSCP. That will be even great, and do you use premium subscription of HTB and do you recommend it?
@ANTGPRO 3 years ago
Waiting for your videos more than new year.
@核平台湾 3 years ago
well great.
@kalidsherefuddin 2 years ago
Thanks
@hondatech5000 3 years ago
Wb missed you last week bro
@shay110020 2 years ago
Hey ippsec what's that Kraken machine you are ssh into?
@socat9311 3 years ago
In my dreams you team up with Jim Browning and make a scammer destroying video.
@lucabarba4900 3 years ago
Hey Ipp, can you enable auto subtitles?! thanks!
@pramodkhandelwal9321 3 years ago
Was this the intended method?? Or was it finding that r.bat file?
@crn2815 3 years ago
r.bat was unintended but since it was an easy box they felt it wasn't worth patching
@ohmyavax 3 years ago
Video about mobile app reverse engineering? Is that possible?
@Jopraveen18 3 years ago
yep
@omerfi 3 years ago
My tmux doesn't allow me to scroll down and scroll up. How can I solve this problem?
@claudioalba5870 3 years ago
Use Ctrl + b (or whatever default shortcut you use) + [. You can then scroll and use PgUp and what not.
@MrMeLaX 3 years ago
Tried this one last week and didn't understand this SirepRAT...
@xormagic5190 3 years ago
You are number☝
@MHMagician 3 years ago
I assume many of your viewers are unfamiliar with Python. It would probably be beneficial if you showed (or mentioned) that it is often better to quickly create a virtual environment and install any packages inside that to prevent version conflicts.
@kushagrachandra1832 3 years ago
Traceback (most recent call last): File "SirepRAT.py", line 46, in import hexdump ImportError: No module named hexdump ... Please someone help me with this problem... I tried everything, downloading using pip and elsewhere... my last hopes are from the YouTube comments section... please help... thank you
@snipeSec351 3 years ago
Try pip install hexdump. Then run the script again
@k_xx 3 years ago
In general you should always (if you trust the source) run "pip3 install -r requirements.txt" if that file is part of the repo.
@kushagrachandra1832 3 years ago
@k_xx OK, I'll try
@kushagrachandra1832 3 years ago
tx btw
@MASAbirokou 2 years ago
I got a reverse shell the same way, but I can't list files of admin or other users' directories. When I execute ls or dir, it says Access to the path ... is denied. Why???
@MASAbirokou 2 years ago
I noticed that the USERPROFILE is C:\Data\Users\DefaultAccount. ????
@MASAbirokou 2 years ago
I understand now. I was executing the exploit with "--as_logged_on_user" option.😮😮
@Xx-nd1rs 1 year ago
@MASAbirokou thanks, this was driving me crazy
@salluc1712 3 years ago
thank you so much
@0xunicorn189 3 years ago
You could have created a new user when you got foothold on the box and then log in to the webpage on 8080. No need for password cracking.
@MuhammadHamza-bn7sm 3 years ago
I did this. Using net user command. Lol.
@Reelix 3 years ago
At 5:21 you copied the password, but included the ) (which was the closing bracket of their note) - You can see this if you count the dots in your entered password - 9 dots when p@ssw0rd is 8 characters. You also potentially entered the incorrect username (assuming it was case sensitive). Whilst the password doesn't work regardless, it's still interesting to note :)
@carlkobin7279 3 years ago
Thank You
@kasuntechtest8871 3 years ago
Welcome 2021 with ippsec
@grandmakisses9973 3 years ago
IPSec amazing
@m_peter1514 3 years ago
42 minutes not enough.
@hackrawi8907 3 years ago
oooooooooooo
@JC-jx9bp 3 years ago
Which distro is he using, or is it an xfce theme for Kali?
@VS-cx7pd 3 years ago
Parrot
@xormagic5190 3 years ago
Could you please upload much higher resolution videos? The pixels are breaking a little bit even after I increased the resolution.
@teachd.marshal1066 3 years ago
Ippsec what is your job?
@Jopraveen18 3 years ago
hacking is his job😎
@Jopraveen18 3 years ago
when ropetwo?😁
@pramodkhandelwal9321 3 years ago
First tell htb to retire it.. I am waiting to see ippsec battling against rope2 coz I just don't have the guts to even attempt that box..lol
@Jopraveen18 3 years ago
@pramodkhandelwal9321 not even nmap?
@Jopraveen18 3 years ago
@pramodkhandelwal9321 the first part is pretty easy, that's basic browser exploitation, read some articles about that, then you will be able to get a shell🙂 and the user part is very hard, it's UAF-heap🙄 we need to do t-cache poisoning and more stuff😣 and the root part is kernel exploitation😥 we need to exploit that ralloc module🙄 Hope it'll retire soon
@llothsedai3989 3 years ago
Hax hax so leet zomg. Fun fun much fun don't be a deet deet. Deetttttttt. Somebody's box.
@skandamahesh9974 3 years ago
First!
@teachd.marshal1066 3 years ago
Second hahah
@aryanghai8960 3 years ago
5th
@Jopraveen18 3 years ago
Hey I'm the 0th comment, think like a programmer😎 I count numbers from 0😅